[verri]

But why filter ICMP at all? I can understand that ICMP allows for covert tunnelling, but by that logic any IP protocol number should be blocked.

[mgsouth]

I think it's more the incoming ICMP that is troublesome, particularly redirect, and to a lesser extent destination unreachable (DOS).

[rasz]

Under windows you cant whitelist applications allowed to use ICMP, all ICMP traffic originates from deep down ring 0 NT Kernel process.

[feld]

because some ICMP types are actually dangerous and can be abused