 |
 |
On Mon, Apr 11, 2005 at 10:32:07AM -0400, Chris Wolf wrote: > Doug (or others), > > This discussion of pinging reminds me--what are you recommending for the ICMP settings of the Windows XP Firewall? I recall discussion at a NAG meeting where most seemed to think that Microsoft's default settings were too restrictive and that allowing all of the ICMP responses was desirable. Personally, I still think it's a good idea to allow ICMP responses, but I do know that others may disagree. I like it because it aids in troubleshooting, and can also aid with the use of dynamic IP addresses, allowing the DHCP server to spot misused IP addresses. I do know that some worms or scanners use an ICMP echo test prior to a more in-depth probe of a system, so turning off ICMP echo replies can make your system invisible to such worms. However, those worms seem to be a small minority of those that are out there. Doug -- Doug Nelson, Network Manager | [log in to unmask] Academic Computing and Network Services | Ph: (517) 353-2980 Michigan State University | http://www.msu.edu/~nelson/