[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fw: [cobalt-users] SMTP problems - HELP!

On Wed, 28 Jun 2000, Theodore Jones wrote:

> Is there anything that cobalt's OS relies on Ping for?

I don't think there's much of anything that really cares about ping
except network is-alive software..
> 
> ~ Theo
> 
> Dom Latter wrote:
> 
> > flash22@xxxxxxx wrote:
> > >
> > > hmm, i keep seeing silly admin's disable ping thinking it does something
> > > usefull....ok, here's 2 scenerios...
> >
> > We got stung by a very simple DOS attack using ping.  Friday night
> > they started pinging us, and as we were logging every one, some time
> > over the weekend /var had filled up.  So we could no longer accept
> > incoming mail.

och, tho this really points out a number of issues, why did cobalt put
logs on a small critical partition, why is syslog exempt from quota, 
(and why did you enable logging of pings at log syslog level;0)

log attacks are more common than people think...lotsa machines go spastic
when the disk fills up...

password attacks can fill up security logs as well, tho more slowly....

but logging network things has the potential of generating humungous
amounts of data...

still, you at least knew someone was screwing with you...

I really don't consider this something that disabling ping/echo reply
really addresses tho, people can generate nameserver errors that fill up
logs as easily....or many other weird things....

I guess my real problem with the no ping idea is it's kinda security
through obscurity, i usually see the arguments for it followed by, 'no one
can see that i am here (at this ip address) , the problem is, people
already know you are there ;0

g