Joel Eusebio wrote:
> Hmmm I use it on my proxy server that masquerades my private ip. One
> disadvantage is that you can't use monitoring software's like
> "whatsup" that uses ICMP for querries. :)
> On Thu, 7 Dec 2000, Jimmy Lim wrote:
>
> > Hi! What are the advantages and disadvantages of using 'echo "1" >
> > /proc/sys/net/ipv4/icmp_echo_ignore_all'?
> >
> > I do this just because of protecting my box from D.O.S.
> >
for obvious reason, you dont want to be pingable but still traceable (traceroute),
protect from DOS (but icmp rate limting will do the trick which most of the OSes
aside from linux are doing this kind of trick) and acting as a stealth from newbie
hacker (using ping tool to detect what hosts are alive for a given subnet). those are
the advantages.
disadvantage, you cant monitor your host for any tools that is using ping protocol.
to solve this issue, turn it off and let the ipchains pass ping packets what source
ip address that you will allow and the rest will be drop.
fooler.
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
