Should I Block ICMP?

Should I block ICMP? No!! The Problem Many network administrators feel that ICMP is a security risk, and should therefore always be blocked at the firewall. It is true that ICMP does have some security issues associated with it, and that a lot of ICMP should be blocked. But this is no reason to block all ICMP traffic! ICMP has many important features; some are useful for troubleshooting, while some are essential for a network to function correctly. Here are details of some of the important ICMP traffic that you should know about, and consider allowing through your network. Echo Request and Echo Reply IPv4 - Echo Request (Type8, Code0) and Echo Reply (Type0, Code0) IPv6 - Echo Request (Type128, Code0) and Echo Reply (Type129, Code0) We all know these ones - ping is one of the first troubleshooting tools that we all learn. Yes, if you enable it, it means that your host is now discoverable - but wasn't your web server already listening on port 80 anyway? Sure, b ... Read full article.