[CentOS] internet connection tester script

Fri Jan 28 12:40:22 UTC 2011
Nico Kadel-Garcia <nkadel at gmail.com>

On Fri, Jan 28, 2011 at 7:19 AM, John R Pierce <pierce at hogranch.com> wrote:
> On 01/28/11 3:28 AM, kellyremo wrote:
>> bix.hu and www.yahoo.com are "pingable" test sites.
>> 127.0.0.1 could not be pinged [firewall drops all icmp]
>
>
> what sort of firewall drops packets on localhost ?!?
>
> yahoo.com is probably a poor choice of targets, as its a widely
> distributed group of servers, and you likely will be pinging different
> servers at different times, maybe even in different parts of the world.
> I would instead suggest using a target at your ISP or backbone provider.

But it's therefore *very* robust, and less likely to have a particular
host drop out.

If you'd like to be paranoid, it's sometimes handy to do a DNS lookup
first on your target, and ping the local gateway. those steps can be
automated from your local network configuration, they can *read* your
local configuration so they work on all hosts you manage, and if
things start failing, you can then have it run a "traceroute" against
the target.

It also carries some classic attack vectors, such as the "smurf" attack.

> btw, dropping 'all icmp' is bad practice.  Internet Control Message
> Protocol is used for a number of things, including informing
> applications when a host or port is not accessible.  if you drop this,
> you instead hang for minutes waiting for a response instead of quickly
> getting back a 'target {host|port} not reachable' error.
>
> anyways, if you drop all ICMP, you won't get any pings from anywheres.

Yup. That's why it's common to drop at external firewalls and blocked
by NAT from reaching inside your network, to protect less thoroughly
protected and critical hosts from distributed denial of service (DDOS)
 such as the now classic "ping flood" attack. There is generally no
good reason to allow external ICMP packets into your local network,
except maybe to allow an external monitoring system or VPN connection
to verify the presence of a few exposed hosts.