Raffy:
Pass Echo Reply to higher layer |3.2.2.6 |x| | | | |

Pass Echo Reply to higher layer? Meaning in the IP stack, right?
Application is the TOP ???: ICMP/TCP transportation: IP ??? : Ether
Yes, so the echo reply should be passed to the application layer, not to the IP stack (which is somewhere lower, if I'm right). I think this requirement has to do with user feedback, or that the data-sending application gets to know something went wrong.
3.2.2.6 Echo Request/Reply: RFC-792
Conclusion: So I should implement my gateway/firewall to discard such incoming ICMP requests, right?
You should block ICMP to the broadcast address in every case. This is the source of a lot of DoS attacks, because it would generate quite some network traffic (all the machines in the subnet would PONG).
I agree with that. See my explanation below.
No other host could know how I subnetted my network. I cannot decide if an outgoing ICMP request is legal (i.e. if 10.0.1.0 is a host or network. But their router can be configured by their administrator). What do you mean? Raffy
I mean I could only DENY incoming ICMP-echo requests, not also my outgoing requests. I cannot say if 10.0.0.127 is a host or a broadcast address. Their netmask may be 255.255.255.128 and so with this netmask, .127 is a broadcast address. I was thinking if all providers could stop packet storm at the outgoing routers. But they can't. So if all administrators would drop incoming ICMP-echo requests to local broadcast addresses, packet storm wouldn't be possible.
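Editor's added example (not written by anyone in this thread): the point above about 10.0.0.127 and 10.0.1.0, worked through in Python, showing that an address can only be classified as host or broadcast once the netmask is known, which is why the check belongs on the receiving gateway. The subnet list, function names and the choice to also drop echo requests to the network address are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the subnets the local administrator knows sit behind the gateway.
LOCAL_SUBNETS = [
    ipaddress.ip_network("10.0.0.0/25"),
    ipaddress.ip_network("10.0.0.128/25"),
    ipaddress.ip_network("10.0.1.0/24"),
]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify_destination(dst, subnets):
    """Classify dst against subnets whose masks are known to the caller."""
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST:
        return "limited-broadcast"
    for net in subnets:
        if addr not in net:
            continue
        if net.prefixlen >= 31:          # /31 and /32 have no broadcast address
            return "host"
        if addr == net.broadcast_address:
            return "directed-broadcast"  # all host bits set
        if addr == net.network_address:
            return "network-address"     # all host bits clear
        return "host"
    return "unknown"                     # mask not known: cannot be decided


def same_address_under_masks(dst, prefixes):
    """Classify one address under several candidate prefix lengths."""
    return {
        p: classify_destination(dst, [ipaddress.ip_network(f"{dst}/{p}", strict=False)])
        for p in prefixes
    }


def inbound_echo_request_verdict(dst, subnets=LOCAL_SUBNETS):
    """Gateway policy (assumed): accept echo requests only to known unicast hosts."""
    return "ACCEPT" if classify_destination(dst, subnets) == "host" else "DROP"


if __name__ == "__main__":
    # A remote sender only sees the address, not the mask behind it.
    print(same_address_under_masks("10.0.0.127", [24, 25]))
    print(same_address_under_masks("10.0.1.0", [23, 24]))
    for dst in ("10.0.0.126", "10.0.0.127", "10.0.1.0", "255.255.255.255"):
        print(dst, inbound_echo_request_verdict(dst))
```
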