[clug] Dropped icmp packets - means what?

Kim Holburn kim.holburn at anu.edu.au
Fri Aug 22 11:17:17 EST 2003

At 10:57 AM +1000 03/8/22, Peter Barker wrote:
>On Fri, 22 Aug 2003, Kim Holburn wrote:
>> Not at all.  If you are a server or a router answering a ping is usually
>> a good idea otherwise not answering is a good idea generally since there
>> are few good reasons to let most people on the internet know you are
>> there.
>Does the phrase, "Security by obscurity" ring a bell here?

There is a place for security by obscurity.  Anything that adds to the difficulty of attacking your system helps.  It certainly shouldn't be a major part of any security scheme.

>It should not
>matter whether they can detect you're there with a ping; if you fear being
>detected, resolve the cause of the fear. If you happen to have, say, an
>open RPC port, blocking pings is not going to help you :-)
>ICMP is a useful tool. Removing a tool because it can be abused is not a
>good idea IMHO.

ICMP is part of the "internet protocol"  I am not saying remove ICMP, just not answer pings.  Pings are one of the few user initiated parts of ICMP.  It IS important not to answer any of the other user initiated ICMP packets.  It is not important whether you answer pings or not but there are few legitimate reasons for pinging a non-server machine.

Kim Holburn 
Network Consultant - Telecommunications Engineering
Research School of Information Sciences and Engineering
Australian National University - Ph: +61 2 61258620 M: +61 0417820641
Email: kim.holburn at anu.edu.au  - PGP Public Key on request

Life is complex - It has real and imaginary parts.
     Andrea Leistra (rec.arts.sf.written.Robert-jordan)

More information about the linux mailing list