> > On Mon, 27 Mar 1995, Paul Ferguson wrote: > > > Why not simply use a 'sane' implementation of ICMP class filtering, > > such as offered in cisco IOS 10.3, to simply block specific classes > > of ICMP traffic? > > I don't think you understand what he meant. He means detecting someone > scanning your host. Say with strobe/iss/satan/tcp_probe etc.. look for > ICMP port unreachable packets leaving your host. > > - Oliver > > Actually, I did understand what he meant. My reply was to to simply use a method to drop all ICMP traffic prior to entry. - paul _______________________________________________________________________________ Paul Ferguson US Sprint tel: 703.689.6828 Managed Network Engineering internet: paul@hawk.sprintmrn.com Reston, Virginia USA http://www.sprintmrn.com