Patrick R. Wade wrote:

> On Fri, Apr 12, 2002 at 01:28:46PM -0700, Bob Miller wrote:
> >
> >Patrick R. Wade wrote:
> >
> >> 4. EFN nameservers do not respond to ICMP, so pinging them will not tell
> >> you that they are up.
> >
> >Why not?  Ping is a useful and widely known tool, so why break it?
>
> I believe that the concern was that ping is also a useful and widely known
> DoS tool, and that since there is only one service that box provides, it is
> possible to test the box by testing the service...

Let's say I have a Windows box.  (Eeeuuugh!)  I can test its existence
using ping from a DOS window.  To test its existence using DNS, (I
think) I'd have to delete all other DNS servers, install that one,
reboot, look up a host, restore the other DNS servers, and reboot
again.  (Unless there's a Windows tool like dig or nslookup.)

OTOH, ping seems like a pretty poor DoS tool to me.  I just hit my box
with 4 Mbit/sec of pings, and it slowed down 23%.  450 MHz Pentium II.
I could do a lot more damage with 4 Mbit/sec of DNS queries.  (-:

-- 
Bob Miller                              K<bob>
kbobsoft software consulting
http://kbobsoft.com                     [EMAIL PROTECTED]
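
Added example, not part of the thread above: one way to "test the box by testing the service" is to send a single DNS query straight to the nameserver over UDP and treat any matching reply as proof that it is up, with no ICMP and no change to the client's resolver settings. The query name `example.com`, the function names and the sample reply bytes are assumptions constructed for illustration.

```python
import random
import socket
import struct

def build_query(name, txid, qtype=1):
    """Encode a minimal DNS query (RFC 1035): 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(packet, txid):
    """Return (is_matching_response, rcode, answer_count) for a reply packet."""
    if len(packet) < 12:
        return (False, None, 0)
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    # QR bit must be set and the ID must echo ours, or it is not our answer.
    is_response = bool(flags & 0x8000) and rid == txid
    return (is_response, flags & 0x000F, ancount)

def nameserver_alive(server, name="example.com", timeout=2.0):
    """Send one UDP query to `server`; any matching reply means the service is up.

    Even REFUSED or SERVFAIL counts as alive: the daemon answered.
    """
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout, unreachable, refused
            return False
    return parse_header(data, txid)[0]

# Constructed sample reply header: QR=1 RD=1 RA=1, rcode 0 (NOERROR), one answer.
SAMPLE_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(nameserver_alive(sys.argv[1]))   # pass the nameserver's IP address
    else:
        print(parse_header(SAMPLE_REPLY, 0x1234))
```

The same check from a command line is `nslookup <name> <server>` or `dig @<server> <name>`, both of which query the named server directly.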
