[GTALUG] Ubuntu -- Disabling Ping
D. Hugh Redelmeier
hugh at mimosa.com
Thu Aug 30 11:31:33 EDT 2018
| From: James Knott via talk <talk at gtalug.org>
| On 08/30/2018 06:11 AM, o1bigtenor via talk wrote:
| > I have ping disabled directly on my router so none of the machines
| > behind it can be accessed from outside.
|
| How does disabling ping on a router prevent access to what's behind it?
| Ping has nothing to do with routing.
1) OP's question was asking about a solution without stating a real
problem that needed solving. (See 2).
2) almost everyone's LAN is behind NAT so pings from the outside world
cannot even address LAN nodes. In other words, no problem exists.
3) obligtenor might have:
a) assumed the only place pings could be a problem would be on the
router itself (because it alone has a globally routable address)
and so addressed that problem
b) assumed that since the router is a gateway, it can filter pings
destined for LAN.
If you hook up the notebook to a hostile LAN or WAN, then the
solutions are different. But I think that pings are the least of your
worries. I guess your notebook could be an unwitting accomplice of a
DDOS attack.
Many people do think that depending solely on a firewall for network
security is a bad model. "Crunchy on the outside, soft on the
inside." Every node should be hardened. But what are you going to do
to harden you IoT devices (light bulbs, fridges, settop boxes,
thermostats, watches, ....)?
More information about the talk
mailing list