Let there be ping!

It’s amazing how many system administrators prefer to block ICMP pings. Many don’t even remember the classic justification for it – to prevent the Ping of Death attack: it was a concern some 10 years ago. So perhaps they are following the least privilege principle? Well, the principle is to take away unneeded access.

And this is where paranoia fails the admins. Ping is not a necessity but it’s bloody useful, for many reasons:

  • It’s a very convenient way of checking connectivity – one that you can talk through over the phone, with an average user on the other end;

  • ICMP ping with increasing buffer sizes is actually the best way to troubleshoot MTU issues, which still occur a lot (especially in organisations that use excessive arrays of redundant firewalls);

  • The protocol doesn’t create much load on the system;

  • Ping monitors are a good complement to application-aware availability monitoring systems;

  • And allowing ICMP ping to reach your system/network and monitoring its use makes a very good basic honeypot. Every intrusion starts with exploration, and the first step of active exploration is usually a ping (as an initial stage of nmap). On the other hand, only sysadmins and other support personnel have a legitimate need to use ping. So exceptions should raise questions.
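The monitoring idea in the last bullet, as an added example that is not part of the original post: a Python script that reads firewall log lines in the Windows Firewall `pfirewall.log` layout and reports ICMP echo requests from sources outside an admin allowlist. The log lines, the `ADMIN_NETS` allowlist and the `SWEEP_THRESHOLD` value are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log, laid out like Windows Firewall's pfirewall.log
# (W3C-style: a "#Fields:" header names the space-separated columns).
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-03-01 09:00:01 ALLOW ICMP 10.0.5.10 10.0.1.20 - - 60 - - - - 8 0 - RECEIVE
2024-03-01 09:02:11 ALLOW ICMP 10.0.7.44 10.0.1.20 - - 60 - - - - 8 0 - RECEIVE
2024-03-01 09:02:11 ALLOW ICMP 10.0.7.44 10.0.1.21 - - 60 - - - - 8 0 - RECEIVE
2024-03-01 09:02:12 ALLOW ICMP 10.0.7.44 10.0.1.22 - - 60 - - - - 8 0 - RECEIVE
2024-03-01 09:02:13 ALLOW TCP 10.0.7.44 10.0.1.20 50211 443 52 S 1 0 8192 - - - RECEIVE
2024-03-01 09:05:40 ALLOW ICMP 10.0.8.8 10.0.1.20 - - 60 - - - - 0 0 - RECEIVE
2024-03-01 09:07:02 ALLOW ICMP 10.0.9.3 10.0.1.20 - - 60 - - - - 8 0 - RECEIVE
"""

# Hypothetical allowlist: the subnet where admins and support staff sit.
ADMIN_NETS = [ipaddress.ip_network("10.0.5.0/28")]
# Assumed threshold: this many distinct targets from one source is a sweep.
SWEEP_THRESHOLD = 3

def parse(log_text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def unexpected_pings(log_text, admin_nets=ADMIN_NETS):
    """Map each non-admin source of echo requests to the hosts it pinged."""
    targets = defaultdict(set)
    for rec in parse(log_text):
        # ICMP type 8 is echo request; replies (type 0) are not probes.
        if rec.get("protocol") != "ICMP" or rec.get("icmptype") != "8":
            continue
        try:
            src = ipaddress.ip_address(rec["src-ip"])
        except (KeyError, ValueError):
            continue  # malformed record: skip rather than abort the run
        if any(src in net for net in admin_nets):
            continue  # expected source
        targets[str(src)].add(rec.get("dst-ip"))
    return {s: {"targets": sorted(d), "sweep": len(d) >= SWEEP_THRESHOLD}
            for s, d in targets.items()}

if __name__ == "__main__":
    for src, info in unexpected_pings(SAMPLE_LOG).items():
        print(src, info)
```
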

Allowing ping is easy. This is how you do that in Windows Firewall:

[Image: Allowing ICMP echo requests in ICF]

In enterprise firewalls, that’s not much harder. So I suggest – change your defaults to allow ping!

3 thoughts on “Let there be ping!”

  1. If people are still worried about the ping of death, one way to prevent it is to filter out all packets that are larger than your greatest MTU (typically 1500 for ethernet). Rate limiting would also help stop flooding attempts.

  2. >>>Many don’t even remember the classic justification for it – to prevent the Ping of Death attack

    It also prevents ICMP DDOS attacks, no?

  3. ICMP DDoS – who’s doing that now? No one. The best way to starve server resources is to use services that the server is designed to provide: request Web pages from a Web server, send SMTP mails, etc. It’s guaranteed to take more CPU resources, too.
