Re: [tlug] Ping vs www server

[Curt Sampson <cjs@example.com>]

On 2008-04-17 19:05 +0900 (Thu), Josh Glover wrote:

> I think the idea is to simply not expose anything that is not
> necessary, as every service that accepts packets on your end is a
> possible attack vector.

Indeed. But I don't see a lot of people shutting down their web servers
because of this.

As you know, security is always a tradeoff. My opinion is that, in
general, disabling ping is a poor tradeoff; it hurts the bad guys very
little, if at all, and hurts the good guys much more.

> There are Other Ways to ping. :)

Indeed. Other, more difficult and slow ways that vary from host to host.

nmapping a network is neither cheap nor quick, compared to using ping.

cjs
-- 
Curt Sampson       <cjs@example.com>        +81 90 7737 2974   
Mobile sites and software consulting: http://www.starling-software.com