Sam.Wilson at ed.ac.uk
Mon Oct 2 09:44:48 UTC 2006
In article <efk967$ol9$1 at sf1.isc.org>,
Mark Andrews <Mark_Andrews at isc.org> wrote:
> > In article <efi6t1$1hh7$1 at sf1.isc.org>,
> > Mark Andrews <Mark_Andrews at isc.org> wrote:
> > > > Ping is generally a bad connection test. It uses ICMP which most
> > > > firewalls will block.
> > >
> > > Any sane firewall will accept ICMP. TCP and UDP don't
> > > operate correctly if you block ICMP.
> > >
> > > The only problem with ICMP/ECHO was with directed broadcasts
> > > and any router purchased in the last 10 years has support
> > > for directed broadcasts off by default.
> > With respect, there was also the ping of death,
>
> http://insecure.org/sploits/ping-o-death.html which is an IP
> problem, not an ICMP problem. You could do the same with UDP,
> TCP or anything else carried on IP.

That's true, but the initial exploit was with ping so security paranoia
resulted in ping being blocked, and in many cases ICMP in general being

I considered following up on your comments about irrationality, but I
really have nothing to add. :-)