Quote:
Originally Posted by qasdfdsaq
Because the ping is generated by an attacker and the pong is generated by your own router. For an attack to be effective you have to decide to actively generate those pongs. They are not created by the attacker and they don't come out of nowhere. You have complete control over how many pongs you choose to generate and if you choose to disable your own connection by ponging too much that's your own stupidity. An attacker has zero control over this.
Imagine you're shouting at someone until you lose your voice. They may be provoking you but you're the one doing the actual damage to yourself, and nobody is forcing you to do it. You choose to of your own accord. There would be no damage and no attack if you did not choose to shout back yourself.
All a firewall is going to do is cover your mouth when you're shouting. Which is obviously an inferior method of damage prevention than just not shouting as much in the first place.
|
Is this what it boils down to, because you don't think that some firewalls have flood protection? For a bunch of requests, not just ICMP?
I'm not disagreeing on how an attack is done via ICMP, all we seem to disagree with is what can be used to prevent it. You seem obsessed that only one thing should stop it, when all I'm saying is that there are a number of ways to prevent the Denial of Service, so disabling the feature entirely is really not necessary.
I don't understand why you can't just agree that there's such a thing as having multiple layers of security.