On 2018-08-30 12:12 p.m., James Knott via talk wrote:
On 08/30/2018 12:04 PM, Alvin Starr via talk wrote:
There are other ICMP messages that can be used for probing like
timestamp(msg-13).
All around all disabling ping does for you is to make it harder for
your ISP or IT support people to see
On 08/30/2018 12:13 PM, Howard Gibson via talk wrote:
>I have been on a commercial site where the Windows laptops were
> administered remotely, from somewhere in the USA, I think. I don't
> know how secure they were. The company did not have particularly nasty
> security requirements, i.e.
On Thu, 30 Aug 2018 12:10:08 -0400
James Knott via talk wrote:
> How much security do you think you'll get in that coffee shop? I also
> have a notebook computer that has a firewall running, even when on my
> home network, behind a firewall.
James,
I expect no security at a coffee shop.
On Thu, 30 Aug 2018 12:04:34 -0400
Alvin Starr via talk wrote:
> There are other ICMP messages that can be used for probing like
> timestamp(msg-13).
> All around all disabling ping does for you is to make it harder for your
> ISP or IT support people to see if you are having network problems
On 08/30/2018 12:04 PM, Alvin Starr via talk wrote:
> There are other ICMP messages that can be used for probing like
> timestamp(msg-13).
> All around all disabling ping does for you is to make it harder for
> your ISP or IT support people to see if you are having network
> problems and the
On 08/30/2018 12:04 PM, Howard Gibson wrote:
>> Also, relying on NAT for security is a bad idea. It does nothing that a
>> properly configured firewall can't do.
> James,
>
> My regular laptop is a home computer that sits behind a commerical
> router most (not all) of the time. My Ubuntu
On Thu, 30 Aug 2018 at 11:57, James Knott via talk wrote:
> For example traceroute will simply time out if the device
> doesn't respond, but there is a route to it.
For a device that doesn't respond, traceroute only tells you that you
can get to the network that the device is on (you can
On Thu, 30 Aug 2018 11:46:42 -0400
James Knott via talk wrote:
> Also, IPv6 is now being used by many and NAT is discouraged on it. This
> means that, for example, Rogers customers will have public IPv6
> addresses. However, given that they have a minimum of 18.4 billion,
> billion addresses
On 08/30/2018 11:45 AM, Scott Allen via talk wrote:
> But what if you *don't* know someone lives at 1234 Bloor St. (and most
> of the residences on Bloor St. are vacant)?
That doesn't stop many burglars or squatters.
> If you knock on one of the doors (ping), you
> may get an answer, telling you
On Thu, 30 Aug 2018 at 11:17, Alvin Starr via talk wrote:
> I know someone is at 1234 Bloor St. but that does not help much with
> breaking in.
But what if you *don't* know someone lives at 1234 Bloor St. (and most
of the residences on Bloor St. are vacant)? Breaking into one that's
vacant
On Thu, 30 Aug 2018 12:24:31 -0300
Mauro Souza via talk wrote:
> You don't need to disable ping on your internal network, only at the
> router. Because of NAT, nobody can really ping your internal system.
>
> Try this. Keep ping enabled on your Linux, and in your router, run this on
> Linux:
>
On 08/30/2018 11:24 AM, Mauro Souza via talk wrote:
> Because of NAT, nobody can really ping your internal system.
There are many networks that do not use NAT. In fact, it's rarely used
on IPv6. Regardless, there are other ways of finding a router or
computer that do not use ping. Blocking
You don't need to disable ping on your internal network, only at the
router. Because of NAT, nobody can really ping your internal system.
Try this. Keep ping enabled on your Linux, and in your router, run this on
Linux:
sudo tcpdump -i any icmp
Now go to any "online ping service" and ping your
On 08/30/2018 11:17 AM, Alvin Starr via talk wrote:
> I know someone is at 1234 Bloor St. but that does not help much with
> breaking in.
> I still need a way to get past the front door.
Also, security through obscurity is not security.
---
Talk Mailing List
talk@gtalug.org
On 08/30/2018 11:00 AM, Howard Gibson via talk wrote:
> I am assuming that someone will use ping to search a network for interesting
> stuff. If the IP address does not respond to ping, the cracker will keep
> searching.
What happens if they ping an address behind the router. There are many
On 08/30/2018 11:00 AM, Howard Gibson via talk wrote:
Jamon,
I am assuming that someone will use ping to search a network for
interesting stuff. If the IP address does not respond to ping, the cracker
will keep searching. All the other ports are closed too. The security is not
Jamon,
I am assuming that someone will use ping to search a network for interesting
stuff. If the IP address does not respond to ping, the cracker will keep
searching. All the other ports are closed too. The security is not perfect,
but I am hoping to have escalated things beyond the
On Thu, Aug 30, 2018 at 7:48 AM, James Knott via talk wrote:
> On 08/30/2018 06:11 AM, o1bigtenor via talk wrote:
>> I have ping disabled directly on my router so none of the machines
My router software asks me if I want to allow or disallow pings from the www.
I have that box marked 'disallow'.
On 08/30/2018 06:11 AM, o1bigtenor via talk wrote:
> I have ping disabled directly on my router so none of the machines
> behind it can be accessed from outside.
How does disabling ping on a router prevent access to what's behind it?
Ping has nothing to do with routing.
---
Talk Mailing List
On 29/08/18 21:44, Howard Gibson via talk wrote:
>I am playing with my hack Ubuntu machine, and I am sorting out
> security. I want to disable ping. This is a laptop, and I want to
> document the application of aluminium foil.
Could you elaborate a bit about how disabling ICMP enhances
On Wed, Aug 29, 2018 at 10:58 PM, Howard Gibson via talk
wrote:
> On Wed, 29 Aug 2018 22:03:52 -0400
> Alvin Starr via talk wrote:
>> you could also do the following:
>>
>> sudo sysctl net.ipv4.icmp_echo_ignore_all=1
>
> Alvin,
>
>That's it. I saw instructions on the internet to update
On Wed, 29 Aug 2018 22:03:52 -0400
Alvin Starr via talk wrote:
> you could also do the following:
>
> sudo sysctl net.ipv4.icmp_echo_ignore_all=1
Alvin,
That's it. I saw instructions on the internet to update /etc/sysctl.conf,
but they did it wrong. Your command line works!
Thank
On Wed, Aug 29, 2018 at 09:54:15PM -0400, Jamon Camisso via talk wrote:
> On 29/08/18 21:44, Howard Gibson via talk wrote:
> > $ sudo echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
> > -bash: /proc/sys/net/ipv4/icmp_echo_ignore_all: Permission denied
'echo' is run as root, but
On 08/29/2018 09:54 PM, Jamon Camisso via talk wrote:
On 29/08/18 21:44, Howard Gibson via talk wrote:
I am playing with my hack Ubuntu machine, and I am sorting out
security. I want to disable ping. This is a laptop, and I want to
document the application of aluminium foil.
The
On 29/08/18 21:44, Howard Gibson via talk wrote:
>I am playing with my hack Ubuntu machine, and I am sorting out
> security. I want to disable ping. This is a laptop, and I want to
> document the application of aluminium foil.
>
>The standard ping disabler is the following line...
>
> #
25 matches
Mail list logo