May 17, 2021

Is it good practice to block all incoming ICMP packets?

I’m doing IT support at a location where they are blocking all inbound ICMP so if I try to ping externally I don’t get any replies. This makes troubleshooting some issues a real pain in the butt. As far as I know the firewall should be set up to not reply to ping requests and that’s it. Is there any security purpose for blocking all incoming ICMP? Can you list sources so I can understand better why this was implemented or send me sources so I can convince them to adjust these policies to allow originating return pings?

Comments

MrMojito1

Give this a read;
https://www.bleepingcomputer.com/news/security/new-windows-pingback-malware-uses-icmp-for-covert-communication/

If still required you could set ICMP open for only internal traffic (trusted sources).

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.