Apologies for mistakenly attributing the 'supposedly secure' point and the
OP to Strykar when I meant Secure This.

> >-----Original Message-----
> >From: Murda Mcloud [mailto:murdamcloud (at) bigpond (dot) com [email concealed]]
> >Sent: Thursday, March 27, 2008 8:50 AM
> >To: 'Strykar'; 'security-basics (at) securityfocus (dot) com [email concealed]'
> >Subject: RE: Removing ping/icmp from a network
> >
> >I think the important thing here is where Strykar says 'supposedly
> >secure'.
> >What are the risks that you can see on that network? Are there enough
> >risks to tip it past the 'trusted' point.
> >Granted, 'trusted' is just a label, and not a metric as such here.
> >I know the word has a meaning in the 'inside of the perimeter and not the
> >DMZ' sense but what else does it mean to people?
> >
> >Scott Ramsdell said:
> >>>Even on my trusted LAN, I only allow echo request/echo reply.
> >
> >Which made me wonder, is that a 'trusted' LAN then? Different networks
> >have different needs and different risks to address.
> >When does it stop being trusted? Because it's outside a firewall? Behind
> >a router? Because I don't know the people using the clients on the LAN?
> >What does everyone else think?
> >Obviously I don't trust some of my users not to mistakenly or
> >purposefully access risky websites or services-otherwise I wouldn't have
> >controls in place to mitigate that. But they are on my 'trusted' LAN.
> >So trusted seems a fuzzy concept here; a human word for a human
> >situation.
> >
> >Personally, I'd find it very difficult to do my job without Mike Muss'
> >awesome little program, ping. So blocking ICMP is not going to happen on
> >the inside...of my, uh, trusted LAN.
> >> >-----Original Message-----
> >> >From: listbounce (at) securityfocus (dot) com [email concealed]
> >[mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> >> >On Behalf Of Strykar
> >> >Sent: Wednesday, March 26, 2008 10:30 AM
> >> >To: security-basics (at) securityfocus (dot) com [email concealed]
> >> >Subject: RE: Removing ping/icmp from a network
> >> >
> >> >You don't discourage ICMP on a network, that's uninformed Jim the
> >farmer
> >> >cum
> >> >Sysad talk.
> >> >
> >> >
> >> >- S
> >> >
> >> >-----Original Message-----
> >> >From: listbounce (at) securityfocus (dot) com [email concealed]
> >[mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> >> >On
> >> >Behalf Of Secure This
> >> >Sent: Tuesday, March 25, 2008 10:00 PM
> >> >To: security-basics (at) securityfocus (dot) com [email concealed]
> >> >Subject: Removing ping/icmp from a network
> >> >
> >> >I have a variety of clients with data centres who all make use of
> >> >icmp/ping to monitor their servers/appliances/devices (often with
> >poorly
> >> >configured snmp versions 1 and 2).
> >> >
> >> >Could anybody kindly advise me of tools and strategies for minimising
> >or
> >> >removing the use of icmp/ping on a supposedly secure network?
> >> >
> >> >Thanks in advance

[ reply ]