That's why it's a good idea to block connections of all protocols into address ranges where an attacker might be able to host a service. Even on internal networks, if you are a corporation.

But it gets better than tunneling over ICMP: DNS tunneling. Pretty much all systems can talk to a DNS resolver. If it resolves arbitrary host names, you can set up a DNS for a zone you control and requests will end up there. With tools like iodine (requires root and a binary on the target), you can tunnel your traffic conveniently (and slowly).
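A defender-side check for the DNS tunneling described above, added here as an example (it is not code from the thread or from iodine): a heuristic run over constructed resolver-log lines that flags zones receiving many distinct, long, high-entropy subdomain queries, which is what encoded tunnel payloads look like next to ordinary hostnames. The "client qname" log format, the two-label base-zone grouping and the thresholds are assumptions.

```python
import math
from collections import defaultdict

# Constructed resolver log, one "client_ip qname" per line (assumed format).
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.7 k3j9x2qw7mz4vb8n.t.tun.example.net
10.0.0.7 p5h1ydt6ra0cfg2u.t.tun.example.net
10.0.0.7 m8eo4lsz7nwq9kjb.t.tun.example.net
10.0.0.7 x2c6tvy1rh5ai9gd.t.tun.example.net
"""

def shannon_entropy(s):
    """Bits of entropy per character; random-looking labels score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n)
                for c in (s.count(ch) for ch in set(s)))

def parse_log(text):
    """Yield (client, qname) pairs, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            yield parts[0], parts[1].lower().rstrip(".")

def zone_stats(records):
    """Per zone: distinct qnames plus length/entropy of each leftmost label."""
    stats = defaultdict(lambda: {"names": set(), "lens": [], "ents": []})
    for _client, qname in records:
        labels = qname.split(".")
        # Crude base zone = last two labels (a public-suffix list would be better).
        z = stats[".".join(labels[-2:])]
        z["names"].add(qname)
        z["lens"].append(len(labels[0]))
        z["ents"].append(shannon_entropy(labels[0]))
    return stats

def flag_tunnel_zones(text, min_names=4, min_label_len=12, min_entropy=3.5):
    """Zones with many distinct, long, high-entropy subdomains: likely tunnel."""
    flagged = []
    for zone, z in zone_stats(parse_log(text)).items():
        mean_len = sum(z["lens"]) / len(z["lens"])
        mean_ent = sum(z["ents"]) / len(z["ents"])
        if (len(z["names"]) >= min_names and mean_len >= min_label_len
                and mean_ent >= min_entropy):
            flagged.append(zone)
    return sorted(flagged)  # ['example.net'] for SAMPLE_LOG
```

In practice the thresholds need tuning against a baseline of the network's normal query volume per zone, since CDNs and some telemetry also produce long machine-generated labels.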

I love iodine. When you're at a "free" wifi hotspot that needs an account (yet another company that takes the security of your data so seriously that they upload it to an open S3 bucket), or you're on mobile data and out of credit, or whatever, iodine usually always works because, as you say, DNS is almost always allowed.

It's only a dozen kbytes/sec or so, but this is more than good enough for RSS, email, IRC, HN, ...

> That's why it's a good idea to block connections of all protocols into address ranges where an attacker might be able to host a service.

It's not a terrible idea, but it's pretty far down the list of things to do. It will stop mass scanners, but probably not any targeted attack unless you try REALLY hard (and then you have a chance of breaking your own infrastructure by accident doing this).

They should start with updating their ghostscript sometime over the last 10 years. Then maybe think about separating some parts of their infrastructure.

I mean, wow, that's really 2012 tech; looks like the new owner invested completely nothing since acquiring 4chan.