Port 8 Echo Request - Should I allow on my Firewall?

Wayne

Hi

My checkpoint firewall is constantly blocking requests on
port 8 Echo Request. The sources of these echo requests
are numerous. However, I notice several of the source IPs
occur in my log more than once.

From what I've read, port 8 Echo Request is part of the
ICMP protocol, which is part of IP. It can be used for
good and bad purposes. It is good in such a way that a
network admin can detect the Operating System of an unknown
new node on the network. It is bad in such a way that a
hacker can create a "map" of my network to prepare his DOS
attack.

I don't manually use ICMP to discover new nodes on my
network.

So, should I block incoming connections on port 8 Echo
Request?

Thanks

Wayne
 
Keith W. McCammon

If you don't need it, it should not be permitted. And if your logs indicate
constant drops, then there shouldn't be any more for you to do.
 
Lanwench [MVP - Exchange]

Inbound ICMP should always be blocked. Actually, *all* unneeded ports should
always be blocked.
 
Wayne

Ok I'll just leave it as it is. We run a win2k server DC
for basic file and print service. I wasn't sure if we
needed it or not.

Thanks
 
Karl Levinson [x y] mvp

Win2000 domain controllers do use ICMP for some tasks and blocking it can
cause problems. But if you aren't noticing anything broken, and/or the ICMP
is not from trusted Windows networking clients, then as Keith says, leave it
disabled.

ICMP doesn't exactly use ports. It has "ICMP type" and "ICMP code" values
in the header to indicate the purpose, type and format of the rest of the
ICMP payload. www.networksorcery.com has ICMP RFC information explaining
more about what the values mean if you wish.
 
