[WEB4LIB] Network security and ICMP

Lori Bowen Ayre LBAyre at galecia.com
Thu Feb 8 17:57:14 EST 2001


One thought is that your IT group wants to ensure that no Denial of Service
attacks *originate* from any of your institution's computers.

Lori Bowen Ayre
Library Technology Consultant



-----Original Message-----
From: web4lib at webjunction.org
[mailto:web4lib at webjunction.org]On Behalf Of Stacy Pober
Sent: Thursday, February 08, 2001 2:44 PM
To: Multiple recipients of list
Subject: [WEB4LIB] Network security and ICMP


The computer center at our college recently changed the college's
firewall settings so that ICMP commands such as Ping and Traceroute
cannot be sent OUT from our campus.

I understand why a site might want to block incoming ICMP.  Some sites
do this to prevent denial-of-service attacks that are done with a flood
of ping requests.  But I'm baffled as to how our security is enhanced by
blocking OUTGOING pings and traceroutes.  And since I use these
protocols for helping to diagnose specific problems, I'm trying to
figure out if this setting is necessary or just over-cautious on the
part of our IT people.

Is outgoing ping and traceroute a threat to a site?  Is blocking this
routine?  I don't know how other campuses are set up with regard to
their firewall and security measures.

--
Stacy Pober
Information Alchemist
Manhattan College Libraries
Riverdale, NY 10471
http://www.manhattan.edu/library



More information about the Web4lib mailing list