Is there a reason why I should not block ICMP?

Over the last week or so, I've noticed a fairly large number of 'script/worm/hack' attempts on our Windows 2000 test server. The server is patched & protected, so the attempts do no damage, but they are something that I'm happy to do without.

After blocking all ICMP traffic, these attempts have almost stopped. So blocking ICMP would seem to be a good counter-measure, but I was wondering if there is any reason why blocking ICMP is not a good idea?

It did stress our hosting-provider for a few days, because I did not think to tell them that I'd blocked ICMP, and their 'monitoring system' continued to report that our server was down. Is there a reason why I should not block ICMP? They now monitor port 80. :p
I've also allowed ICMP only for my IP, and the IP's of our other servers, so we can test-ping the machine with no problems.

After the well-publicised DOS attacks on MS, Yahoo etc, I notice that many high profile websites do not reply to ping's - maybe they have done something similar?

 

 

 

 

Top