On Fri, Jan 23, 2009, Lanny Marcus wrote:
On Fri, Jan 23, 2009 at 12:16 PM, John Doe jdmls@yahoo.com wrote:
Right now, we are blocking pings and traceroutes to our website. But, in order for our members to test the connection when they are experiencing slow browsing, we are thinking about unblocking them... Are there still any security issues (flooding, etc...) in enabling them or is that an old problem fixed a long time ago?
Our two web sites do permit ping. I like to ping them from time to time, for various reasons. Both have dedicated IP addresses. The one time one of our sites was attacked, years ago, was someone connecting to the POP3 server every second. Nothing to do with ping or traceroutes.
We generally allow ping at the sites we support, but don't rely on pings to test for systems being alive.
We test system status by doing an xmlrpc call to their web server which should return some useful information in addition to making sure that the system is actually responding to something useful (NICs may return pings even if the underlying system is hung).
Many of our customer's roaming users connect with their home system using OpenVPN, thus being able to access their systems where they might otherwise be blocked.
Bill