This one should be pretty self explanatory. If you have any sort of position regarding network security, do you allow ping requests from external IPs, or do you block them at the firewall/router level, and why?
My own personal choice, for home, is to leave them on. On for servers I use a firewall rule to deny any > 128 bytes. Also, a bot running on a box in China isn’t going to care if it can ping a box or not. Any nmap or vulnerability scanner can probe ports regardless of whether or not it’s responding to ICMP echoes. Disabling ICMP echoes will just cause a networking diagnostic headache later on. Am I wrong or missing something else? What do you guys think?
THIS IS NOT ANY SORT OF OS DEBATE! This is simply to discuss how some admins feel about best practices on the subject.
Related Posts: On this day...
- Your New Zombie Hammer! - 2012
- The Monster: the fraud and depraved indifference that caused the subprime meltdown - 2011
- HOWTO: Beat the London cops on a "terrorism" stop - 2010
- Tempers Flare as Recession Creeps into Tech Industry - 2009
- All The Secret Paypal & Ebay Email Addresses and Phone Numbers You Could Ever Want - 2009
- HOWTO: Achieve Transparent GTK Themes - 2009
- USocial CEO: "We're gaming Digg" - 2009