Block ping and traceroutes to increase security?
codek 09-27-2004, 04:46 AM Hi,
My host blocks pings and traceroutes in an attempt to protect against DDOS attacks.
What are the merits of this approach?
Clearly the downsides are that it's a pain in the arse!!
Dan
andreyka 09-27-2004, 05:13 AM SnortSam is a nice IDS, it can help you.
codek 09-27-2004, 05:42 AM That's not really the question I'm asking.
It seems to me that blocking ping and traceroute is just a lazy way of protecting your system - if it's set up right then you shouldn't need to do that.
Is that right though? Or are there some good reasons for blocking ping/traceroute?
Dan
blessen 09-27-2004, 07:36 AM I will explain why it is being done like this...
1) Whatever you do... no machine connected to a network is 100% secure.
It doesn't mean that we all are helpless... I would say good security planning will help.
Everyone should be proactive instead of reactive when it's the case with information security...
Currently what your host has done is that... they just masked their existence from the network (world wide web)... the good thing is that hackers will not identify the presence of such a box in the network... which gives an upper hand in security...
The bad thing is that... most of the monitoring systems will not work if you disable ping...
I would like to say... a good security policy, regular security audit and regular maintenance can save you... :-D
codek 09-27-2004, 09:10 AM Ok, I can see that that may help against random hackers / script kiddies... However the very act of what they do - picking a random IP - is going to mean it'll still get hit.
However, after reading all the documents about security I never saw it recommended to turn these services off. So assuming you have your server set up correctly I still can't see why to do it.
As for monitoring services - if all the monitoring service checks is ping, then that's not a very good service :)
blessen 09-27-2004, 09:43 AM I can assure you that no document covers every aspect of security... When securing a box, try to think like a hacker and view each state from his point of view... it will help you to secure your box more efficiently...
Yes, disabling ping and traceroute is just to hide the server identity...
My advice to all is that... be PROACTIVE rather than REACTIVE when we are dealing with Information Security :-D
blessen 09-27-2004, 09:48 AM Most hack scripts try to check the existence of the box, then try to find out the vulnerabilities of the software used by the box and use them to get access to the server... once the access is gained it's converted to a root shell :-D using the same software vulnerabilities... so some sysadmins suggest disabling ping and traceroute to get a small upper hand... :-D
A good security policy, regular security audit and regular maintenance can save you :-) ... that's the only solution...
Ongobay 09-27-2004, 11:22 AM As long as they have fully secured the box and not just relied on security through obscurity then there should be no problem. It might give them a slight advantage of not being port scanned by every little 'l33t' n00b. :P
codek 09-28-2004, 05:52 AM Ok, fair enough, it's just another tool in the armoury then!
What's involved in a "Security Audit" exactly? Can you get external people to do this? Do they just scan the box, or do they get given access, and have a poke around?
Ongobay 09-28-2004, 05:59 AM Depends, there are numerous programs out there that basically scan your system, and try to gain access using every known vulnerability for that system. At the end they would produce a detailed report of any services running which might be vulnerable & how to patch them.
A person doing this would probably use a program, and then their own little tricks for trying to gain access, then again they would give you a report at the end of problems, and what you need to do to get rid of them.
codek 09-28-2004, 08:01 AM Ah, ok interesting, can you give me the names of some of these programs?
Ongobay 09-28-2004, 08:15 AM Try things such as
Safety Labs, Shadow Security Scanner (http://www.safety-lab.com)
Nessus (http://www.nessus.org)
Internet Security Scanner (http://www.iss.net)
They pretty much do most of the work for you. I always liked SSS & Nessus. Never really liked ISS.
Take a look on sites such as
http://www.insecure.org/tools.html
http://www.Astalavista.net
http://www.Security-forums.com
for more information.
Regards.
codek 09-28-2004, 08:21 AM Excellent, thanks!
chuckt101 09-28-2004, 09:19 AM http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=security+through+obscurity ;)