This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?
- Previous message (by thread): [routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?
- Next message (by thread): [routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Daniel Suchy
danny at danysek.cz
Wed May 5 13:54:57 CEST 2021
Security through obscurity isn't security. Even this approach is popular on some places. I don't thing there isn't valid *security* reason to fully block ICMP echo requests on NCC firewalls. This just makes diagnostics of network/connectivity incidents harder (and more unfriendly). In the fact, requests are processed and ICMP responses are sent by firewalls anyway (admin prohibited / packet filtered). - Daniel On 5/5/21 12:52 PM, Kurt Kayser wrote: > Gert, > > you surely know that every enabled protocol/port is a potential threat. > > .kurt > > > Am 05.05.21 um 12:32 schrieb Gert Doering: >> Hi, >> >> On Wed, May 05, 2021 at 12:30:01PM +0200, Kurt Kayser wrote: >>> I understand your point. But there is really no big effort to check if >>> Port 873 is working: >>> >>> <host>nc -zvw100 rpki.ripe.net 873 >>> Connection to rpki.ripe.net 873 port [tcp/rsync] succeeded! >>> >>> Let's make a security comparison, if this is really a necessary feature? >> So where exactly is the *security* drawback of permitting ICMP echo? >> >> But yes, of course, we can all do tcpping instead - which is much >> more likely to have an adverse effect on the actual service... >> >> Gert Doering >> -- NetMaster >
- Previous message (by thread): [routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?
- Next message (by thread): [routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]