MSUNAG Archives

MSUNAG Archives


View:

Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font

Options:

Join or Leave MSUNAG
Reply | Post New Message
Search Archives


Subject: Re: Windows Firewall ICMP Settings
From: Doug Nelson <[log in to unmask]>
Reply-To:Doug Nelson <[log in to unmask]>
Date:Mon, 11 Apr 2005 14:05:13 -0400
Content-Type:text/plain
Parts/Attachments:
Parts/Attachments

text/plain (25 lines) 


On Mon, Apr 11, 2005 at 10:32:07AM -0400, Chris Wolf wrote:

> Doug (or others),
>
> This discussion of pinging reminds me--what are you recommending for the ICMP settings of the Windows XP Firewall?  I recall discussion at a NAG meeting where most seemed to think that Microsoft's default settings were too restrictive and that allowing all of the ICMP responses was desirable.

Personally, I still think it's a good idea to allow ICMP responses,
but I do know that others may disagree.  I like it because it aids in
troubleshooting, and can also aid with the use of dynamic IP addresses,
allowing the DHCP server to spot misused IP addresses.

I do know that some worms or scanners use an ICMP echo test prior to a
more in-depth probe of a system, so turning off ICMP echo replies can
make your system invisible to such worms.  However, those worms seem
to be a small minority of those that are out there.

Doug


--


Doug Nelson, Network Manager             |  [log in to unmask]
Academic Computing and Network Services  |  Ph: (517) 353-2980
Michigan State University                |  http://www.msu.edu/~nelson/

Back to: Top of Message | Previous Page | Main MSUNAG Page

Permalink


LIST.MSU.EDU

CataList Email List Search Powered by the LISTSERV Email List Manager