Wireshark · Wireshark-users: Re: [Wireshark-users] Lost packets can not ping mymachineonmynetwork

Wireshark-users: Re: [Wireshark-users] Lost packets can not ping mymachineonmynetwork

From: Andrew Hood <ajhood@xxxxxxxxx>

Date: Mon, 16 Oct 2006 08:54:16 +1000

ronnie sahlberg wrote:
> Why would an operating system allow you to disable ICMP?

Because some of those people trying to secure windows asked them to
allow it. So they could stop ICMP scans. Security through obscurity. ARP
scanning requires access to the router/switch/segment so is less of a
"risk".

> ICMP has no security issues and IS a vital part of what keeps TCP/IP
> working properly.

You really should say "no intrinsic issues". It does allow you to map
networks. Also, see above answer.

> Allowing users to configure/disable this is as silly as when clueless
> firewall admins block all ICMP and then wonder why their users have
> problem accessing the network and browsing the internet.

Just because you have a network does not mean you are allowed to use it
as you wish. If it is not in the permitted use specification they will
consider it part of their job to make sure it does not work.

They are also really good at breaking things that did have permission to
work by making rule changes to add new functions.

-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who

References:
- Re: [Wireshark-users] Lost packets can not ping mymachineonmynetwork
  - From: Turner, Jay
- Re: [Wireshark-users] Lost packets can not ping mymachineonmynetwork
  - From: ronnie sahlberg

Prev by Date: [Wireshark-users] Getting stats with tshark
Next by Date: Re: [Wireshark-users] H.323 call flow
Previous by thread: Re: [Wireshark-users] Lost packets can not ping mymachineonmynetwork
Next by thread: [Wireshark-users] Viability of detecting Wireshark with ARP-packets
Index(es):
- Date
- Thread