Mullen, Patrick wrote:
> I was thinking of writing a program which trapped ping requests,
> prompted the user (who would have to have superuser privs, of
> course) if they want to allow pings from the requesting host,
> and then respond if allowed and add the host to the "allowed
> hosts" list for future reference.
>
> Has this been done before?
I don't know of any program which prompts the user when a ping request
arrives. The closest is icmpinfo, which simply logs ICMP packets.
> What is the best way to do this? IINM, ping replies are
> handled by the kernel. Is there a way to keep the kernel from
> getting ping requests?
You can use IP firewalling (ipfwadm or ipchains) to block ICMP
packets.
> What is the best way of forwarding requests along to the normal
> handler if we decide to let it through?
>
> Will this require a kernel change, or can I do this all in userspace?
You can log all ping requests, using either icmpinfo, tcpdump, the
kernel's IP logging facilities, or custom code (using a raw or packet
socket), and then reply manually if you wish to accept the request.
--
Glynn Clements <[EMAIL PROTECTED]>
