Manualshelf

Installing and Administering PPP

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1 Networking Software
919293949596979899100
94 Chapter 5
Security Techniques
Packets Overview
Internet Control Message Protocol (ICMP)
Level
Figure 5-2
* RFC-792 [ICMP]
ICMP messages may be filtered on the type and code fields.
In general, it is not a good idea to block all inbound or outbound ICMP
messages because ICMP messages are an important way that status
information is conveyed over an IP network. For instance, blocking
ICMP Source Quench messages (Type 4), used to tell a packet source to
slow down, can cause problems for other users and sites.
It is true that you should probably not permit ICMP Redirect messages
(Type 5) to pass through your router since the routing on an internal
node should not be changed by an external site.
If you want to block ping from being used for host discovery, then you
should block inbound ICMP Echo packets (Type 8).