[index] [text page] [<<start] [<prev] [next>] [last>>]
Page 6: InteractiveBastille example screen
Page 6

  
  InteractiveBastille example screen
  Q: ICMP allowed types: [destination-unreachable echo-reply time-exceeded] Specify the ICMP allowed types.  The default suggestion allows you to probe other hosts with ping and traceroute. Minimally you will need to allow " destination-unreachable".
  "destination-unreachable" lets other machines' servers tell your system when things aren't right; don't disable this unless you really know what you're getting into. If you don't allow "echo-reply" and "time-exceeded", you won't be able to use ping and traceroute to debug issues on the "public" networks.
  ICMP allowed types: [destination-unreachable echo-reply time-exceeded]

Copyright 2003, Bri Hatch of Onsight, Inc.

Presented at ISSA Puget Sound, 2003.

Presentation created using vim and MagicPoint.