G
Guest
Guest
Archived from groups: comp.security.firewalls,uk.telecom.broadband,comp.security.misc,alt.computer.security (More info?)
In article <sxodvi$bk9$r@ddka.demon.co.uk>, a031003
${dd}.nospam@ddka.invalid says...
> On Sun, 25 Sep 2005 20:09:12 GMT, Leythos
> <void@nowhere.lan> wrote:
>
> > Errors are not fixed by ICMP and are not going to cause a failure in
> > communications. You can still get the data.
>
> Errors may not be "fixed" by ICMP but ICMP may just tell you what you need to
> do in order to fix something - e.g. ICMP type 3 codes 4, 11 and 12. If you
> trash the ICMP response then you may end up with a failed connection which
> would have otherwise worked without any problem - so no - ignoring ICMP does
> not mean that you still get the data in all circumstances.
I agree, but since we allow ICMP to approved sites/connections, but
block it to the rest of the world, it doesn't really matter if there is
a problem for the blocked ones - see the point now?
--
spam999free@rrohio.com
remove 999 in order to email me
In article <sxodvi$bk9$r@ddka.demon.co.uk>, a031003
${dd}.nospam@ddka.invalid says...
> On Sun, 25 Sep 2005 20:09:12 GMT, Leythos
> <void@nowhere.lan> wrote:
>
> > Errors are not fixed by ICMP and are not going to cause a failure in
> > communications. You can still get the data.
>
> Errors may not be "fixed" by ICMP but ICMP may just tell you what you need to
> do in order to fix something - e.g. ICMP type 3 codes 4, 11 and 12. If you
> trash the ICMP response then you may end up with a failed connection which
> would have otherwise worked without any problem - so no - ignoring ICMP does
> not mean that you still get the data in all circumstances.
I agree, but since we allow ICMP to approved sites/connections, but
block it to the rest of the world, it doesn't really matter if there is
a problem for the blocked ones - see the point now?
--
spam999free@rrohio.com
remove 999 in order to email me