NTP, ntpdate, and ISP-based firewall
Alexander Dalloz
alexander.dalloz at uni-bielefeld.de
Fri Mar 5 01:03:24 UTC 2004
Am Fr, den 05.03.2004 schrieb Jeff Vian um 01:46:
[ snip ]
> > All these are good layers that do add to your security. Refusing to
> > answer pings doesn't really add much, and just makes your server seem
> > rude. ;)
> >
> so by your definition, these hosts are rude???? (many more examples
> available)
>
> [jeff]$ ping www.mysql.com
> PING www.mysql.com (66.35.250.190) 56(84) bytes of data.
>
> --- www.mysql.com ping statistics ---
> 7 packets transmitted, 0 received, 100% packet loss, time 5999ms
>
> [jeff]$ ping www.redhat.com
> PING www.redhat.com (66.187.232.50) 56(84) bytes of data.
>
> --- www.redhat.com ping statistics ---
> 6 packets transmitted, 0 received, 100% packet loss, time 5018ms
Dropping ping requests is one thing, blocking ICMP in toto another one.
With above hosts other ICMP types than those used by ping work. :)
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 02:00:23 up 14 days, 3:34, load average: 0.45, 0.34, 0.30
[ Γνωθι σ'αυτον - gnothi seauton ]
my life is a planetarium - and you are the stars
More information about the users
mailing list