Disable PING command

2003-08-28 Thread vkennon

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Disable PING command

2003-08-28 Thread Matthew Graybosch
On 12:21 Thu 28 Aug , vkennon wrote:

Why would you want to disable the ping command? Are you trying to prevent
others from pinging you? If so, you need to filter out incoming ICMP
packets. There are some other threads on the list pertaining to firewalling;
you might want to search them.

-- 
Matthew Graybosch
http://www.starbreaker.net
The best way to lose an argument is to throw the first punch.


Disable PING command

2003-07-03 Thread Nucking Futs
How would I go about disabling users command to ping?  If need be I would be 
willing to just disable the ping command altogether as a last resort.



Re: Disable PING command

2003-07-03 Thread Dirk-Willem van Gulik


On Thu, 3 Jul 2003, Nucking Futs wrote:

> How would I go about disabling users command to ping?  If need be I would be
> willing to just disable the ping command altogether as a last resort.

Well - anyone could compile a fresh version; or copy a version from
another machine into his home dir or /tmp; but if you ignore that type of
level of ability in your user a small obstacle would be:

# ls -l /sbin/ping
-r-sr-xr-x  1 root  wheel  421060 Apr 28 15:49 /sbin/ping
# chmod a-rx /sbin/ping

which makes it executable only to the owner and those members of wheel.
Which users generally are not. But ping is not exactly a dangerous command
- so why worry about it?

Dw



Re: Disable PING command

2003-07-03 Thread Drew Tomlinson
- Original Message - 
From: Nucking Futs [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 03, 2003 1:43 PM
Subject: Disable PING command


> How would I go about disabling users command to ping?  If need be I would be
> willing to just disable the ping command altogether as a last resort.

I'm guessing you could set the permissions on the binary file so that
'users' don't have permission?  I don't know for sure but it seems like
that might work.  Others may have better suggestions.

HTH,

Drew



Re: Disable PING command

2003-07-03 Thread Joshua Oreman
On Thu, Jul 03, 2003 at 04:53:17PM -0400 or thereabouts, Mykroft Holmes IV wrote:
 
 
> Nucking Futs wrote:
>
>> How would I go about disabling users command to ping?  If need be I
>> would be willing to just disable the ping command altogether as a last
>> resort.
>
> chmod 700 /usr/bin/ping (or /bin/ping) can't remember where ping lives.

/sbin/ping

Or you could just chmod u-s it... it needs SU privileges so if it's not SUID,
users can't run it. At all.

-- Josh

 
> Adam
 


Re: Disable PING command

2003-07-03 Thread K Anderson


Nucking Futs wrote:
> How would I go about disabling users command to ping?  If need be I
> would be willing to just disable the ping command altogether as a last
> resort.

Adverspam removed

Good luck. All it takes is a user to port, transfer, compile, copy,
move or hack in a ping command of their own. Any languages could be
used, PERL, PHP, Python and much more.

Your other option is to administratively block any and all traffic that 
might be created via the ping command so that it just gets dropped by 
the firewall. Of course there might be other ways around that too.

HTH and good luck.



Re: Disable PING command

2003-07-03 Thread Matthew Hunt
On Thu, Jul 03, 2003 at 02:03:57PM -0700, K Anderson wrote:

> Good luck. All it takes is a user to port, transfer, compile, copy,
> move or hack in a ping command of their own. Any languages could be
> used, PERL, PHP, Python and much more.

Well, it takes that along with making their copy SUID root, which they
presumably can't do.

wopr:~$ sudo chmod u-s /sbin/ping
wopr:~$ ping wopr
ping: socket: Operation not permitted
wopr:~$ sudo chmod u+s /sbin/ping
wopr:~$ ping wopr
PING wopr.caltech.edu (131.215.103.10): 56 data bytes
64 bytes from 131.215.103.10: icmp_seq=0 ttl=64 time=0.240 ms

-- 
Matthew Hunt [EMAIL PROTECTED] * Science rules.
http://www.pobox.com/~mph/   *


Re: Disable PING command

2003-07-03 Thread Matthew Hunt
On Thu, Jul 03, 2003 at 03:02:22PM -0700, K Anderson wrote:

> Well, all I have to do then as a user who can't run ping is get it from
> someplace else and just do ./ping in my home directory. Correct? Or even
> use a perl script to do it. If that's possible.

No.  Normal users can't create the raw sockets that ping needs to work.
A ping executable, no matter where it came from, is not going to work unless
it's suid root (or run by root).  Normal users obviously cannot mark an
executable suid root.

> The above example then becomes pointless and the poster did ask to
> disable it or get rid of it all together. Just shutting down the
> /sbin/ping isn't enough. That's all I am saying. :)

You're wrong.  You would be right if we were talking about lots of other
programs, but not ping.

-- 
Matthew Hunt [EMAIL PROTECTED] * Science rules.
http://www.pobox.com/~mph/   *
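
An audit helper for the behaviour discussed in this thread, added here as an example and not written by any of the posters: it classifies a ping binary from its `ls -l` mode string and owner. The function names are hypothetical, and it assumes, as the thread states, that only root can open the raw socket ping needs.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption (per the thread): ping needs a
# raw socket, and only root can open one, so a ping binary works for ordinary
# users only when it is setuid AND owned by root.

# classify_ping MODE OWNER
#   MODE is the `ls -l` mode string, OWNER the owning user name. Prints:
#   all-users   setuid root and executable by "other"
#   restricted  setuid root, but "other" has no execute bit
#   root-only   not setuid root; fails for non-root with "Operation not permitted"
classify_ping() {
    mode=$1
    owner=$2
    owner_x=$(printf '%s' "$mode" | cut -c4)    # x, s (setuid+x), S (setuid only) or -
    other_x=$(printf '%s' "$mode" | cut -c10)   # x, t (sticky+x), T or -
    case $owner_x in
        s|S) setuid=yes ;;
        *)   setuid=no ;;
    esac
    if [ "$setuid" = no ] || [ "$owner" != root ]; then
        echo root-only
    elif [ "$other_x" = x ] || [ "$other_x" = t ]; then
        echo all-users
    else
        echo restricted
    fi
}

# audit_ping [PATH]: classify a real file (default /sbin/ping, the path in the thread).
audit_ping() {
    path=${1:-/sbin/ping}
    line=$(ls -ld "$path") || return 1
    set -- $line            # $1 = mode string, $3 = owner
    classify_ping "$1" "$3"
}

if [ -e /sbin/ping ]; then
    printf '/sbin/ping: %s\n' "$(audit_ping /sbin/ping)"
fi
```

Systems that grant ping its privilege some other way, such as file capabilities or unprivileged ICMP sockets, fall outside this setuid-only model.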