[clug] Dropped icmp packets - means what?

Sam Couter sam at couter.dropbear.id.au
Fri Aug 22 17:31:36 EST 2003


Peter Barker <pbarker at barker.dropbear.id.au> wrote:
> Does the phrase, "Security by obscurity" ring a bell here? It should not
> matter whether they can detect you're there with a ping; if you fear being
> detected, resolve the cause of the fear. If you happen to have, say, an
> open RPC port, blocking pings is not going to help you :-)

But it increases the cost of any attack, and decreases the chances of an
attack being launched in the first place.

My exposed machine drops everything it didn't expect to see already
except for the small handful of services I choose to expose. An attacker
can waste quite a bit of time waiting for various attacks to time out
before finding one of the services that are actually exposed, regardless
of the vulnerability of those services.

> ICMP is a useful tool. Removing a tool because it can be abused is not a
> good idea IMHO.

Nobody other than me needs to know if my machine is working or not.
-- 
Sam "Eddie" Couter  |  mailto:sam at couter.dropbear.id.au
Debian Developer    |  mailto:eddie at debian.org
                    |  jabber:sam at teknohaus.dyndns.org
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C