Re: How to prevent system from replying to Ping (ICMP Echo) requests?

From: Agustin (verycoolman_at_mail.com)
Date: 09/29/04


Date: Wed, 29 Sep 2004 14:28:03 +0200

On Tue, 28 Sep 2004 some very helpful guys wrote:

> In article <B4qdnSDaoMnqLsXcRVn-rA@comcast.com>, Kaptain Krunch wrote:
>>> Kaptain Krunch wrote...
>>>
>>> > Guess ping is not a threat? NOT! Ping of death can cause a computer or
>>> > router to lock... Large fragmented ICMP packets make a computer or
>>> > router unable to reassemble them.
>
> "Ping of Death" - a ping with an effective size over 64k, came out just
> after microsoft invented computer networking back in 1995, and was an
> easy way to kill windoze95 and NT3.* and 4.0. Microsoft finally managed
> to pull their finger out and fix it in mid-1997 if I recall correctly.
> None of the contemporary operating systems (Mac O/S, OS/2, Novell, *nix,
> or even Trumpet Winsock running on MS-DOS) were vulnerable.
>
> "overlapping IP fragments" was used in the 'teardrop' attack, and this
> affected windoze9x, NT, and Linux (possibly others) back in 1997. As far
> as I can find, microsoft fixed this in 2000.
>
> If you are still running ancient software that is vulnerable to those
> attacks, it's your problem. If it's modern (more correctly, "current")
> software and it's still broken in that respect, please post the names of
> the software company that supplied it so that everyone can avoid using
> products from such an incompetent supplier.
>

Hmm, yes... But I'm in fact running Debian Linux.

I do see the logic in not making one's system dead to the world so as not
to attract the attention of hackers, but how would they know?

Cheers,

Agustin
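
An added example, not part of the original thread: the two conditions named in the quoted text (a reassembled size over 64k, and overlapping IP fragments) written as a sanity check a reassembler can run before copying any fragment data. The names `struct frag` and `check_fragments` and the sample fragment lists are hypothetical and constructed for illustration; this is not code from any particular IP stack.

```c
#include <stddef.h>
#include <stdint.h>

#define IP_MAX_DATAGRAM 65535u /* largest value of the 16-bit Total Length field */

enum frag_verdict { FRAG_OK = 0, FRAG_OVERSIZE = 1, FRAG_OVERLAP = 2 };

/* One received fragment (simplified model for the example, not a wire parser). */
struct frag {
    uint16_t offset_units; /* 13-bit Fragment Offset field, in 8-byte units */
    uint16_t payload_len;  /* payload bytes carried after the IP header */
};

/* Constructed sample inputs: a normal fragmented ping, an oversize one, an overlap. */
static const struct frag normal_ping[]   = {{0, 1480}, {185, 1480}, {370, 1048}};
static const struct frag oversize_ping[] = {{0, 1480}, {8189, 1480}};
static const struct frag overlapping[]   = {{0, 40}, {3, 8}};

/* Validate all fragments of one datagram before reassembly.
 * ip_hdr_len is the IP header length in bytes (20 without options). */
enum frag_verdict check_fragments(const struct frag *f, size_t n, uint32_t ip_hdr_len)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t start = (uint32_t)f[i].offset_units * 8u;
        uint32_t end = start + f[i].payload_len;
        /* The offset alone can reach 8191*8 = 65528, so offset + length
         * can pass 65535 even though each fragment on the wire is small. */
        if (ip_hdr_len + end > IP_MAX_DATAGRAM)
            return FRAG_OVERSIZE;
        for (size_t j = 0; j < i; j++) {
            uint32_t s2 = (uint32_t)f[j].offset_units * 8u;
            uint32_t e2 = s2 + f[j].payload_len;
            if (start < e2 && s2 < end) /* byte ranges intersect */
                return FRAG_OVERLAP;
        }
    }
    return FRAG_OK;
}

int main(void)
{
    /* Exit status 0 when all three constructed cases get the expected verdict. */
    return !(check_fragments(normal_ping, 3, 20) == FRAG_OK &&
             check_fragments(oversize_ping, 2, 20) == FRAG_OVERSIZE &&
             check_fragments(overlapping, 2, 20) == FRAG_OVERLAP);
}
```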