On Fri, Jan 23, 2009, Lanny Marcus wrote:
>On Fri, Jan 23, 2009 at 12:16 PM, John Doe <jdmls@xxxxxxxxx> wrote:
>> Right now, we are blocking pings and traceroutes to our website.
>> But, in order for our members to test the connection when they are experiencing slow browsing, we are thinking about unblocking them...
>> Are there still any security issues (flooding, etc...) in enabling them or is that an old problem fixed a long time ago?
>
>Our two web sites do permit ping. I like to ping them from time to
>time, for various reasons. Both have dedicated IP addresses. The one
>time one of our sites was attacked, years ago, was someone connecting
>to the POP3 server every second. Nothing to do with ping or
>traceroutes.
We generally allow ping at the sites we support, but don't rely
on pings to test for systems being alive.
We test system status by doing an xmlrpc call to their web server
which should return some useful information in addition to making
sure that the system is actually responding to something useful
(NICs may return pings even if the underlying system is hung).
Many of our customer's roaming users connect with their home
system using OpenVPN, thus being able to access their systems
where they might otherwise be blocked.
Bill
--
INTERNET: bill@xxxxxxxxxxxxx Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186
You know the one thing that's wrong with this country? Everyone gets a
chance to have their fair say. -- Bill Clinton, May 29, 1993, The White House
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
