[extract from rfc 1122]: Interesting... I never read this RFC... I'm on it right now.
Don't have too much time, should probably also do that *g*
quoted from RFC summary table: Echo server and Echo client | 3.2.2.6 | x | | | | |
What is echo server and echo client?
3.2.2.6 Echo Request/Reply: RFC-792 Every host MUST implement an ICMP Echo server function that receives Echo Requests and sends corresponding Echo Replies. A host SHOULD also implement an application-layer interface for sending an Echo Request and receiving an Echo Reply, for diagnostic purposes.
Seems nice. But if I block that at the firewall. I mean the host implemented it, but I block it :-) Honestly, I guess I will have to allow PING through the firewall, although, I DON'T LIKE THAT! What are other people's thoughts?
Pass Echo Reply to higher layer | 3.2.2.6 | x | | | | |
Pass Echo Reply to higher layer? Meaning in the IP stack, right?
3.2.2.6 Echo Request/Reply: RFC-792 (...) Echo Reply messages MUST be passed to the ICMP user interface, unless the corresponding Echo Request originated in the IP layer.
I phrased my question wrong... Anyway. Let me help you with the OSI model:
OSI layer diagram (quoted from my memory - e.g. may be wrong / different):
-Top-
Application is the TOP
Application: HTTP/FTP
???: ICMP/TCP
SESSION
Transportation: IP
???: Ether
DataLink!
Lowest layer is Physical Layer!
3.2.2.6 Echo Request/Reply: RFC-792 (...) An ICMP Echo Request destined to an IP broadcast or IP multicast address MAY be silently discarded. DISCUSSION: This neutral provision results from a passionate debate between those who feel that ICMP Echo to a broadcast address provides a valuable diagnostic capability and those who feel that misuse of this feature can too easily create packet storms.
Conclusion: So I should implement my gateway/firewall to discard such incoming ICMP requests, right?
You should block ICMP to the broadcast address in every case. This is the source of a lot of DoS attacks, because it would generate quite some network traffic (all the machines in the subnet would PONG).
No other host could know how I subnetted my network. I cannot decide if an outgoing ICMP request is legal (i.e. if 10.0.1.0 is a host or a network; but their router can be configured by their administrator).
What do you mean? Raffy
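The broadcast-echo discussion above (RFC 1122 section 3.2.2.6 and the reply recommending to block ICMP to the broadcast address), as an added Python example that is not part of this thread: it parses constructed IPv4/ICMP packets and reports which Echo Requests a gateway would discard (limited broadcast, the directed broadcast of the local subnet, or multicast). The subnet 10.0.1.0/24 and the outside source 192.0.2.10 are constructed sample values.

```python
import ipaddress
import struct

ICMP_ECHO_REQUEST = 8
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")
LOCAL_NET = ipaddress.IPv4Network("10.0.1.0/24")  # constructed example subnet

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum, used for both the IP and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(src: str, dst: str, ident: int = 1, seq: int = 1) -> bytes:
    """Construct a minimal IPv4 + ICMP Echo Request (type 8) packet for testing."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + b"ping"
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + icmp

def classify_echo_request(packet: bytes, local_net: ipaddress.IPv4Network) -> str:
    """'discard' = Echo Request to a broadcast or multicast address (RFC 1122 3.2.2.6 MAY),
    'pass' = unicast Echo Request, 'ignore' = not a well-formed ICMP Echo Request."""
    if len(packet) < 20:
        return "ignore"
    ver_ihl, _, _, _, _, _, proto, _, _, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 1 or len(packet) < ihl + 8:
        return "ignore"
    icmp = packet[ihl:]
    # A well-formed ICMP message checksums to zero over the whole message.
    if icmp[0] != ICMP_ECHO_REQUEST or checksum(icmp) != 0:
        return "ignore"
    dst_addr = ipaddress.IPv4Address(dst)
    if (dst_addr == LIMITED_BROADCAST                    # 255.255.255.255
            or dst_addr == local_net.broadcast_address   # directed broadcast, e.g. 10.0.1.255
            or dst_addr.is_multicast):                   # 224.0.0.0/4
        return "discard"
    return "pass"

def demo() -> dict:
    """Classify constructed Echo Requests from an outside host to several destinations."""
    targets = ("10.0.1.7", "10.0.1.255", "255.255.255.255", "224.0.0.1")
    return {d: classify_echo_request(build_echo_request("192.0.2.10", d), LOCAL_NET)
            for d in targets}
```

Running `demo()` shows that only the unicast request to 10.0.1.7 passes; a corrupted packet (bad ICMP checksum) is reported as `ignore` rather than being classified.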