Question : Blocking ICMP without stopping DNS requests

I want to block outbound ICMP requests from my servers through my Cisco ASA 5510 as I think I have a virus somewhere.
When I create an Access Rule on the ASA to deny all outbound ICMP, it prevents my DNS servers from working. When I do an nslookup I get "DNS request timed out".
Is there any way of stopping ICMP without breaking DNS?
Thanks for your help.
Ian

Answer : Blocking ICMP without stopping DNS requests

You can block specific ICMP response types instead of all ICMP. To allow DNS to work, you'll want to allow:

access-list 100 extended permit icmp any any echo-reply
access-list 100 extended permit icmp any any source-quench
access-list 100 extended permit icmp any any unreachable
access-list 100 extended permit icmp any any time-exceeded

And block any other ICMP.
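
An added example, not part of the original answer: the four permits above placed in a complete access list with the "block any other ICMP" step written out. An ASA access list is evaluated top-down, the first match wins, and it ends in an implicit deny, so an ACL holding only a deny for ICMP also drops everything else once applied, DNS included. The interface name `inside`, the `in` direction and the closing `permit ip any any` are assumptions about the asker's setup.

```cisco
! Added example. ACL name 100 and the four permits are from the answer above;
! the interface name "inside" and the direction "in" are assumptions.

! ICMP types the answer says to keep
access-list 100 extended permit icmp any any echo-reply
access-list 100 extended permit icmp any any source-quench
access-list 100 extended permit icmp any any unreachable
access-list 100 extended permit icmp any any time-exceeded

! Every other ICMP type is dropped; "log" writes a syslog entry for denied
! flows, which shows which internal host is sending the traffic
access-list 100 extended deny icmp any any log

! Without this line the implicit deny at the end of the ACL drops all
! remaining traffic, including DNS queries (UDP/TCP 53)
access-list 100 extended permit ip any any

! Bind the ACL to traffic entering the assumed "inside" interface
access-group 100 in interface inside

! Check (exec mode): per-line hit counts show which entries are matching
show access-list 100
```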