I come across this web site:

http://www.muabanraovat.com

and when do a ping on them, nothing show up. But they still accessable via browser.

How they do it?

It's possible they are denying the ping requests to prevent DOS attacks and such

ping square-network.com

Simple firewall block. Simple way to prevent DOS attacks by people that don't know what they're doing. There's ways to DOS without it, but it keeps the kids away.

Originally posted by Coach
ping square-network.com

Simple firewall block. Simple way to prevent DOS attacks by people that don't know what they're doing. There's ways to DOS without it, but it keeps the kids away.
I received a Request Timed Out 100% Loss of 4 packets sent is that because of your block? I always thought that it mean that the host had a crappy network! So getting that result from a ping might just mean they're blocking pinging? Man you guys make this harder for us civilians to understand! :)

Originally posted by VNPIXEL
I come across this web site:

http://www.muabanraovat.com

and when do a ping on them, nothing show up. But they still accessable via browser.

How they do it?

Its an iptable rule:

http://www.linuxguruz.org/iptables/howto/iptables-HOWTO-6.html

so what is the benefit of doing iptable or ipchains? Just to prevent from DOS attack?

Originally posted by arpmn
I received a Request Timed Out 100% Loss of 4 packets sent is that because of your block? I always thought that it mean that the host had a crappy network! So getting that result from a ping might just mean they're blocking pinging? Man you guys make this harder for us civilians to understand! :)



so what is the benefit of doing iptable or ipchains? Just to prevent from DOS attack?

This is done for for security reasons. If someone wants to ping our network to see response times I'll set up a time with them to drop the firewall so that they can run tests. Same thing with a traceroute.

Basically, the (simple) thinking is that if your server is invisible to would be script kiddies the more secure you are. Now this method is a *very* simple approach to lessening a DOS attack, however it shouldn't be the only measure you take. Closing all ports on a box besides the ones that are actually in use for legitimate reasons (ie port 80, etc) is another step. Then you have to take additional measures as well.

I don't think any server is ever 100% safe from an attack, but as a server administrator you have to take all the precautions you can. Updating the latest patches etc.

It is because of server admins that didn't take security seriously that the Slammer Worm took out so many sites on the Net.

So, just because you can't ping a site, don't think that the network sucks. It's just a host that takes security seriously. However, just because you *can* ping a box, don't think that the host isn't securing their boxes. Everyone has different ways of doing the same thing.

Maybe, you was see site cache on your hdd.

Try:

ping www.microsoft.com

You'll find you get the same result.

Originally posted by VNPIXEL
so what is the benefit of doing iptable or ipchains? Just to prevent from DOS attack?

Basically, you can block all non vital ports. So you can have web, ftp, mail, ssh, dns open and every other port closed.

Also if you are getting DoSed (DoS, not DDoSed), and you manage to find the source IP, you can choose to drop the IP. Good thing aobut that is, instead of replying to the ping, it will "drop" it and not send a ping back saying port is closed. It will reduce your b/w during a DoS attack. Traffic only comes in, not out as well.