Re: Security concern with ping?
From: Alexander Clouter (alex_at_digriz.junk-this.org.uk)
Date: 03/27/04
- In reply to: Phisherman: "Security concern with ping?"
Date: Sat, 27 Mar 2004 17:02:42 +0000
On 2004-03-22, Phisherman <nobody@noone.com> wrote:
> I have my linux box properly running squid and Jay's Firewall. Its
> main purpose is to provide internet access (with some security) via
> ethernet cables for Windows machines. After running a few internet
> tests (from www.grc.com and Symantec) I see that the internet can
> successfully ping the IP address. All other ports are in stealth
> mode. Why may it be important to allow the internet to ping my
> temporarily-assigned IP address? Should I be concerned about allowing
> the internet (hackers) to ping me? If so, is there an iptable command
> to hide a ping? I usually get a newly assigned IP address once or
> twice a day, if that makes any difference.
>
As one of my colleagues joked:
"arrgghhh I am scared burglars are going to break into my house and steal
things. To prevent this I will.....destroy all the maps in the world..."
If a port is closed (stealthing ports is pointless, it does not slow down
portscans if a skiddie decides to use a stateless portscanner) then nothing can
be done to hack your computer.
Ping'ing is _very_ useful and the advantages of having it available outweigh
the disadvantages. To make the situation worse personal firewalls decide
"ping == icmp" outright and kill a stack of useful informative ICMP packets
which prevent Path-MTU taking place :-/
As for the security conslutant (typo....?) Steve Gibson, just look up 'GRC
Sucks' on google and also search for 'Steve Gibson' on the Register[1], the
bit about broken syncookies is so funny.
As for the personal firewall/antivirus world, they rely on you to have fear,
otherwise you will not buy their products; if you are not scared about
virus/trojan/skiddie attacks then why would you buy their software?
Antivirus software is useless, particularly in an enterprise environment
(changing to use an alternative e-mail client is far more effective) and
firewalls should run on dedicated hardware that is not a workstation or runs
any services......
Regards
Alex
[1] http://www.theregister.co.uk/
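
The ICMP point raised in the reply above, as an added example that is not part of the original post: a selective iptables ICMP policy that keeps the error messages Path-MTU discovery depends on and answers ping at a limited rate, next to the blanket "ping == icmp" drop. The chain name, the rate-limit values and the print-by-default behaviour are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: selective ICMP filtering instead of dropping all ICMP.
# By default the rules are only printed for review; run as root with
# APPLY=1 to load them. Values marked "assumption" are illustrative.

IPT="${IPT:-iptables}"      # assumption: name of the iptables binary
CHAIN="${CHAIN:-INPUT}"     # assumption: rules are appended to INPUT

# Emit the selective policy, one rule per line, in match order.
icmp_rules() {
    # destination-unreachable (type 3) includes code 4, "fragmentation
    # needed", which Path-MTU discovery relies on.
    echo "$IPT -A $CHAIN -p icmp --icmp-type destination-unreachable -j ACCEPT"
    # time-exceeded (type 11): TTL expiry errors, also used by traceroute.
    echo "$IPT -A $CHAIN -p icmp --icmp-type time-exceeded -j ACCEPT"
    # parameter-problem (type 12): malformed-header error reports.
    echo "$IPT -A $CHAIN -p icmp --icmp-type parameter-problem -j ACCEPT"
    # Answer ping, but rate limited (assumption: 5/second, burst 10).
    echo "$IPT -A $CHAIN -p icmp --icmp-type echo-request -m limit --limit 5/second --limit-burst 10 -j ACCEPT"
    # Any other ICMP, and echo-requests over the limit, are dropped.
    echo "$IPT -A $CHAIN -p icmp -j DROP"
}

# The blanket rule for comparison: hides ping, but also discards the
# "fragmentation needed" errors listed above.
blanket_rule() {
    echo "$IPT -A $CHAIN -p icmp -j DROP"
}

# Load the selective policy; stops at the first rule that fails.
apply_rules() {
    icmp_rules | sh -e
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_rules
else
    icmp_rules
fi
```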