alt Hacker NewsI'd say that ICMP is only situationally blocked by firewalls, not the other way around.
Because I can ping almost any public server on the internet and they will reply. I can ping your website just fine and it replies to me!
I'd say that ICMP is only situationally blocked by firewalls, not the other way around.
Because I can ping almost any public server on the internet and they will reply. I can ping your website just fine and it replies to me!
You'd say incorrectly, firewalls have an implicit deny rule, so any case ICMP traverses a firewall, someone wanted it to. Obviously large hosting providers tend to find value in ICMP being enabled.
But for example, our firewall at work responds to ICMP but all of the endpoints which aren't meant for public use do not. That is less because ICMP is a problem and more because everything works fine without it and least privilege is good design.
ICMP is also more than just ping, and some parts of ICMP are considered a vulnerability if exposed to the public internet by some scanning services.