Re: [tlug] Ping vs www server

[Scott Robbins <scottro@example.com>]

On Thu, Apr 17, 2008 at 02:43:10PM +0900, Curt Sampson wrote:
> On 2008-04-10 17:33 -0400 (Thu), Scott Robbins wrote:
> 
> > Yes, I was simplifying.  My own scottro.net won't respond to pings
> > either.  
> 
> BTW, someone want to explain to me why people do this?
> 
> It's not as if it's going to stop any serious attacker, who's not even
> going to bother with ping, but go directly to trying attacks. However, it
> does do a good job of making debugging more difficult for the good guys.

In my case, I'd be doing any debugging from the console. It's a minor
security by obscurity, and I think the pf template with which I started
did it by default.  It wasn't worth the effort to change it. 
I never gave it much thought, at the time I first setup a web server,
one of the howtos I looked at probably recommended it.    

So, in this one particular case, it was more or less an uninformed
following of someone's recommendation.  

Were it a heavy traffic dedicated server, I'd probably give it more
thought. 


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Spike: Whatcha doin', love? 
Drusilla: I'm naming the stars. 
Spike: You can't see the stars, love. That's the ceiling. Also 
it's day. 
Drusilla: No, I can see them. But I've named them all the same 
name, and there's terrible confusion.