Since so far 6 people misunderstood this, I *meant* those networks that don't need to permit it, should consider filtering inbound ICMP echo request packets. (And, hence, blocking the spoofed packet from causing an ICMP echo reply flood.)
Adrian Chadd writes...
A couple of problems:
* Filtering ALL ICMP is pretty silly, ICMP is there for more than just pings, and some of it is important.
---------------------------------------------------------------------- Wayne Bouchard GlobalCenter web@primenet.com Primenet Network Operations Internet Solutions for (602) 416-6422 800-373-2499 x6422 Growing Businesses FAX: (602) 416-9422 http://www.primenet.com http://www.globalcenter.net ----------------------------------------------------------------------