Date: Mon, 27 Oct 2003 09:26:20 -0700 From: Brett Glass <brett@lariat.org> To: Jarkko Santala <jake@iki.fi>, Kris Kennaway <kris@obsecurity.org> Cc: security@freebsd.org Subject: Re: Best way to filter "Nachi pings"? Message-ID: <6.0.0.22.2.20031027092251.04ad3dd8@localhost> In-Reply-To: <20031027120642.A96390@trillian.santala.org> References: <200310270731.AAA23485@lariat.org> <20031027080240.GA9552@rot13.obsecurity.org> <20031027110203.B96390@trillian.santala.org> <20031027093435.GA6111@rot13.obsecurity.org> <20031027120642.A96390@trillian.santala.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 03:17 AM 10/27/2003, Jarkko Santala wrote: >Blocking >all ping packets to improve security is nothing more than security through >obscurity. It may hide your system against the simplest ping probes, but >it does nothing to improve security as such. In our case, there's a more compelling reason. Some of our customers' system administrators have utilities which ping their servers from their home Internet connections to make sure everything's working. If I were to block pings, all of these guys' (and gals') pagers and cell phones would go off at once. I'd be beseiged with demands to remove the block immediately. --Brett
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20031027092251.04ad3dd8>