[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pingd >> Should it be ported on Debian??

Robert Davies wrote:

> I'd say it's not worth doing because, TCP wrappers really is designed for
> authorising connections, and with ICMP you do not have a TCP connection
> between Source IP/port and Destination IP/port, so you cannot use ident or
> similar.  It sounds a broken idea, you don't use wrappers for authorisation
> of UDP protocols for instance, without the 3-way handshake there's no
> defense against packets with spoofed source addresses.
>
> But perhaps this daemon is actually  providing a  different service,
> allowing test of inetd and higher levels of stack (not unknown for a machine
> to respond to ping, even if it's hung).  Even then I'm not sure what value
> it has, as if you run a web server for instance, your best check that it's
> up and available, is to use expect(1) and telnet onto port 80.
>
> Rob
>

I beleive that the author wrote this deamon to be resistant to ping floods and
buffer overflows and whatever other ICMP exploit there is. It probly would be
better to re-write the ICMP core of the kernel to be more deffensive against
these issues. I would gladly do it, but I'm afraid that I'm a code compiler and
not a code writer. Thats why I was hoping this "pingd"  deamon could do it for
me.

Thanks, it makes more sense to use the TCP wrappers for managing
connection-orientated protocols. I completely forgot about filtering ICMP on my
host with the use of NetFilter.

Time to read more documentation....


Stef
Reply to: