I can browse all the websites in my company work station, but not open the command prompt and ping any website. This has happened in 2 of my previous companies too. Do companies block ping?Why do companies do that ?
Answer
It has to do with the issues caused by it in the past ("Ping of death"), so some sites block it at the firewall level to avoid them:
On the Internet, ping of death is a denial of service (DoS) attack caused by an attacker deliberately sending an IP packet larger than the 65,536 bytes allowed by the IP protocol.
One of the features of TCP/IP is fragmentation; it allows a single IP packet to be broken down into smaller segments. In 1996, attackers began to take advantage of that feature when they found that a packet broken down into fragments could add up to more than the allowed 65,536 bytes. Many operating systems didn't know what to do when they received an oversized packet, so they froze, crashed, or rebooted.
Source: ping of death
Edit: There's even an issue called "Ping flood":
Ping flood is a simple denial-of-service attack where the attacker/s overwhelms the victim with ICMP Echo Request (ping) packets. It is most successful if the attacker has more bandwidth than the victim (for instance an attacker with a DSL line and the victim on a dial-up modem).
The attacker hopes that the victim will respond with ICMP Echo Reply packets, thus consuming both outgoing bandwidth as well as incoming bandwidth. If the target system is slow enough, it is possible to consume enough of its CPU cycles for a user to notice a significant slowdown.
No comments:
Post a Comment