Stop blocking ping already!
Jul. 19th, 2006 04:50 pm![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
jon787.livejournal.com posting in ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png){kind=small}
techrecoveryI don't care that you just read a column by *insert techno weenie* saying otherwise, ICMP Echo Request packets are not a security risk. Especially on the fscking LAN! Firewalling off ping only serves to annoy your sysadmin when he needs to do a quick check of network connectivity.
Its not that we don't have tools to do it anyway, its just that they only work from another machine on your subnet:
On a side note, try arping 192.168.0.1 or other common router IP from the box hooked up to your cable/dsl modem sometime, its fun :)
# ping 192.168.0.7 PING 192.168.0.7 (192.168.0.7) 56(84) bytes of data. --- 192.168.0.7 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2008ms
Its not that we don't have tools to do it anyway, its just that they only work from another machine on your subnet:
# arping 192.168.0.7 ARPING 192.168.0.7 from 192.168.0.35 eth0 Unicast reply from 192.168.0.7 [00:20:E0:6B:9C:F7] 0.745ms Unicast reply from 192.168.0.7 [00:20:E0:6B:9C:F7] 0.751ms Unicast reply from 192.168.0.7 [00:20:E0:6B:9C:F7] 0.738ms Sent 3 probes (1 broadcast(s)) Received 3 response(s)
On a side note, try arping 192.168.0.1 or other common router IP from the box hooked up to your cable/dsl modem sometime, its fun :)
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}