[WEB4LIB] Network security and ICMP
David Lewis
lewisd at sunytccc.edu
Fri Feb 9 09:03:49 EST 2001
Our campus did the same thing about a year ago. Our IT manager was happy to poke my office machine through the firewall for outgoing ICMP commands. They actually poked 3 of us from the library through so we could be more helpful to them in diagnosing network slowness. It was easy to do by ip address.
******************************************************
David Lewis
Tompkins Cortland Community College Library
P.O. Box 139
170 North Street
Dryden NY 13053-0139
Tel: 607-844-8211 x4387
Fax: 607-844-6540
lewisd at sunytccc.edu
>>> Stacy Pober <spober at manhattan.edu> 02/08 5:47 PM >>>
The computer center at our college recently changed the college's
firewall settings so that ICMP commands such as Ping and Traceroute
cannot be sent OUT from our campus.
I understand why a site might want to block incoming ICMP. Some sites
do this to prevent denial-of-service attacks that are done with a flood
of ping requests. But I'm baffled as to how our security is enhanced by
blocking OUTGOING pings and traceroutes. And since I use these
protocols for helping to diagnose specific problems, I'm trying to
figure out if this setting is necessary or just over-cautious on the
part of our IT people.
Is outgoing ping and traceroute a threat to a site? Is blocking this
routine? I don't know how other campuses are set up with regard to
their firewall and security measures.
--
Stacy Pober
Information Alchemist
Manhattan College Libraries
Riverdale, NY 10471
http://www.manhattan.edu/library
More information about the Web4lib
mailing list