× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



<snip>
Also it is required to smack all network admins who shut down ICMP and
then wonder why server admins are cranky.
</snip>
Amen! Alleluia!

Someone, a long time ago, in the infancy of the internet, published
something that pings and whatnot can be used as part of a denial of
service attack. Maybe, in the hands of a completely incompetent network
admin. However I wish this was now banned from the list of "best
practices". As much as certain people despise the NRA you would have
thought they would have used that to do such an attack on nra.org. No
political comments please. I simply used them as an example of a prime
target.
Gee acknowledging ping is also considered a risk because doing so lets
people know they hit a valid target. <sarcasm> In that case you should
probably also block http, https, telnet (also used by email) and any other
form of internet communication. </sarcasm>

<snip>
There used to be security holes in some widespread TCP/IP implementations,
where a malformed Ping request could crash a machine (the "ping of
death"). But these were duly patched during the previous century, and are
no longer a concern.
...
It is common practice to disable or block Ping on publicly visible servers
-- but being common is not the same as being recommended. www.google.com
responds to Ping requests; www.microsoft.com does not. Personally, I would
recommend letting all ICMP pass for publicly visible servers.

Some ICMP packet types MUST NOT be blocked, in particular the "destination
unreachable" ICMP message, because blocking that one breaks path MTU
discovery,...
</snip>
https://security.stackexchange.com/questions/4440/security-risk-of-ping

<snip>
Ping has been considered a security risk because merely acknowledging a
host's presence turns it into a potential target. For these reasons, many
systems provide means to disable the reply,[7][11] despite the fact that
RFC 1122 mandates hosts to always send a reply.
</snip>
https://en.wikipedia.org/wiki/Ping_(networking_utility)

Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.