Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4247
Views
0
Helpful
1
Replies

If we block ICMP from outside to Inside what are the disadvantages

imranuddin.ias
Level 1
Level 1

‎05-10-2017 07:09 PM - edited ‎03-10-2019 12:49 AM

anyone know about the topic

Labels:
0 Helpful
1 Reply 1

vrostowsky
Level 5
Level 5

‎05-12-2017 11:00 AM

immubhai-


if you have an ISP that uses icmp to check if your node is up, then you can use an ACL to allow that one address, otherwise, the best practice would be to allow only echo reply, time-exceeded and unreachable.  I personally try to reduce my external surface area probing by blocking all access from the foreign (to my location) based on IANA addressing blocks.  this is by no means an exact science since addressing from foreign ranges is often given to businesses in the US.  This is my 2 cents, hope it helps.


Vince

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents