[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pingd >> Should it be ported on Debian??

On Mon, May 14, 2001 at 08:45:04PM -0600, Stefan Srdic wrote:
> I've found a very cool website thats security focussed. ( www.nmrc.org )
> 
> Anyway, the author of the site is working on a security focussed OS
> based on Linux.  One of the "improvements" that he has made was a ping
> deamon wich can be controlled via the TCP wrappers.
[snip]
> A deamon like this sounds very interresting, but would it be worth the
> increased latency in ICMP traffic? Also, could it be easily ported onto
> an existing Debian system?

A daemon to respond to selected ICMP requests would be simple to write.
I don't recall the RFC making any low latency requirements for ICMP either.

I'm not sure I see any great benefit from it though - the kernel still has
to understand ICMP (for port unreachables etc), so all it achieves is dropping
a few bits of ICMP response code from the kernel. ICMP filtering is doable with
ipchains etc anyway. Debian don't ship heavily patched kernels, so unless this
happened upstream it's unlikely to appear in Debian.

-- 
Colin Phipps                            http://www.netcraft.com/
Reply to: