Re: [SQU] ICMP

Yes, Henrik,

You are correct. Perhaps I must try it and see what will happen. Anyway,
thank you so much for your remind about "destination unreachable".

By disabling ICMP echo, at least people cannot ping (and traceroute ?) the
IP. So, we hope that the think that the IP is not be used. Of course,
firewall is a thing that should be implement as you recommend

Thx

Best Regards,

Awie

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Awie" <awie@eksadata.com>
Cc: <squid-users@ircache.net>
Sent: Monday, March 05, 2001 12:48 AM
Subject: Re: [SQU] ICMP

> Sure.
>
> However, be sure to not disable the required (by TCP) "destination
> unreachable" ICMP messages.
>
> Please note that disabling ICMP ECHO does not increase security by a
> measurable margin. A lot more is to it when making a decent firewall
> setting.
>
> --
> Henrik Nordstrom
> Squid hacker
>
>
> Awie wrote:
> >
> > Hi Henrik,
> >
> > So, it means my Squid will be OK if I disable ICMP echo into my Linux.
Am I
> > right?
> >
> > The purpose to disable ICMP echo is security reason.
> >
> > Thx
> >
> > Awie
> >
> > ----- Original Message -----
> > From: "Henrik Nordstrom" <hno@hem.passagen.se>
> > To: "Awie" <awie@eksadata.com>
> > Cc: <squid-users@ircache.net>
> > Sent: Sunday, March 04, 2001 9:45 PM
> > Subject: Re: [SQU] ICMP
> >
> > > Squid only uses ICMP echo if enabled with --enable-icmp.
> > >
> > > --
> > > Henrik Nordstrom
> > > Squid Hacker
> > >
> > > Awie wrote:
> > > >
> > > > Folks,
> > > >
> > > > I plan to disable ICMP echo from my Linux. As I know, Squid doesn't
> > > > need ICMP. Is it save for Squid if Linux will not send echo of ICMP?
> > > >
> > > > Your answer is appreciated.
> > > >
> > > > Best Regards,
> > > >
> > > > Awie
> > >
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html