On Fri, Jan 23, 2009, Lanny Marcus wrote: >On Fri, Jan 23, 2009 at 12:16 PM, John Doe <jdmls@xxxxxxxxx> wrote: >> Right now, we are blocking pings and traceroutes to our website. >> But, in order for our members to test the connection when they are experiencing slow browsing, we are thinking about unblocking them... >> Are there still any security issues (flooding, etc...) in enabling them or is that an old problem fixed a long time ago? > >Our two web sites do permit ping. I like to ping them from time to >time, for various reasons. Both have dedicated IP addresses. The one >time one of our sites was attacked, years ago, was someone connecting >to the POP3 server every second. Nothing to do with ping or >traceroutes. We generally allow ping at the sites we support, but don't rely on pings to test for systems being alive. We test system status by doing an xmlrpc call to their web server which should return some useful information in addition to making sure that the system is actually responding to something useful (NICs may return pings even if the underlying system is hung). Many of our customer's roaming users connect with their home system using OpenVPN, thus being able to access their systems where they might otherwise be blocked. Bill -- INTERNET: bill@xxxxxxxxxxxxx Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax: (206) 232-9186 You know the one thing that's wrong with this country? Everyone gets a chance to have their fair say. -- Bill Clinton, May 29, 1993, The White House _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos