have internet access, but cant ping router.

This topic is closed.

    #16
    Re: have internet access, but cant ping router.

    I always was able to ping without using suid before I modified my wifi to reject pings. But after I did that (and probably had some automatic updates too) I wasn't able to ping without using sudo. I could have set the suid bit to ping but I like ping the way it is.

    $ ping google.com
    ping: icmp open socket: Operation not permitted
    jerry@sonyvgnfw140e:~$ sudo ping google.com
    [sudo] password for jerry:
    PING google.com (72.14.204.99) 56(84) bytes of data.
    64 bytes from google.com (72.14.204.99): icmp_seq=1 ttl=48 time=53.3 ms
    ....
    ^C
    --- google.com ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4006ms
    rtt min/avg/max/mdev = 53.328/55.645/62.734/3.572 ms
    $
    $ ls -la /bin/ping
    -rwxr-xr-x 1 root root 35680 2010-12-09 18:59 /bin/ping
    $
    and from Synaptic for iputils-ping: "Conflicts suidmanager"
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    Comment


      #17
      Re: have internet access, but cant ping router.

      Originally posted by GreyGeek
      I could have set the suid bit to ping but I like ping the way it is.
      That's of course perfectly fine. I am just fairly sure ping was suid-root by default (of course that might have changed at some point...my machine is an old upgraded installation...haven't really paid attention to it as I prefer fping).

      But after I did that (and probably had some automatic updates too) I wasn't able to ping without using sudo.
      I'd still think the router settings are not at play here (you could test this by temporarily reverting the router setting and testing ping again as user and with sudo)...my guess would be that you'd experience the same (user-no, sudo-yes).

      and from Synaptic for iputils-ping: "Conflicts suidmanager"
      suidmanager has been obsolete for a good while, the functionality is handled by dpkg-statoverride.

      Comment


        #18
        Re: have internet access, but cant ping router.

        Originally posted by kubicle
        Originally posted by GreyGeek
        I could have set the suid bit to ping but I like ping the way it is.
        That's of course perfectly fine. I am just fairly sure ping was suid-root by default (of course that might have changed at some point...my machine is an old upgraded installation...haven't really paid attention to it as I prefer fping).
        I'm certain ping was suid too, but it had to be some recent update that changed it or, somehow, changing the settings on my browser via FireFox reflected back to ping's rights, because I never changed it.

        .........
        and from Synaptic for iputils-ping: "Conflicts suidmanager"
        suidmanager has been obsolete for a good while, the functionality is handled by dpkg-statoverride.
        Wasn't aware of that. Then my theory that the script removing suidmanager changed the permissions on ping isn't valid.
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
        – John F. Kennedy, February 26, 1962.

        Comment


          #19
          Re: have internet access, but cant ping router.

          Check which groups your user belongs to. Here, in my Maverick running KDE 4.5.5, I can run ping without sudo.
          Windows no longer obstructs my view.
          Using Kubuntu Linux since March 23, 2007.
          "It is a capital mistake to theorize before one has data." - Sherlock Holmes

          Comment


            #20
            Re: have internet access, but cant ping router.

            Originally posted by GreyGeek
            $ ls -la /bin/ping
            -rwxr-xr-x 1 root root 35680 2010-12-09 18:59 /bin/ping
            $
            See Re: ubuntu-eee ping: icmp open socket: Operation not permitted
            Which provides:
            Check to ensure that the ping binary is setuid root:

            Code:
            ls -l `which ping`
            It should come back:

            Code:
            -rwsr-xr-x 1 root root 30856 2007-07-06 02:40 /bin/ping
            If that's not an s, you can fix it with:

            Code:
            sudo chmod u+s `which ping`
            Then you will be allowed to ping as anyone.
            Windows no longer obstructs my view.
            Using Kubuntu Linux since March 23, 2007.
            "It is a capital mistake to theorize before one has data." - Sherlock Holmes

            Comment
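Added example, not part of any post in this thread: the setuid check quoted above, extended to the two other ways Linux can let a non-root user run ping (a cap_net_raw file capability, and the net.ipv4.ping_group_range sysctl). The function names are made up for this example, and the sysctl check looks only at the caller's primary group.

```shell
#!/bin/sh
# Added example: report which mechanism, if any, lets a non-root user run ping.

# True if an `ls -l` mode string such as "-rwsr-xr-x" carries the setuid bit
# (the owner-execute position, 4th character, is "s" or "S").
mode_has_setuid() {
    case $1 in
        ???[sS]*) return 0 ;;
        *)        return 1 ;;
    esac
}

# True if gid $2 lies inside a ping_group_range value $1 ("low high",
# space or tab separated). The kernel default "1 0" is an empty range.
gid_in_ping_range() {
    gid=$2
    read -r low high <<EOF
$1
EOF
    [ -n "$low" ] && [ -n "$high" ] && [ "$gid" -ge "$low" ] && [ "$gid" -le "$high" ]
}

# Print setuid-root, file-capability, ping-group-range, none or missing
# for the binary given as $1.
ping_privilege_source() {
    bin=$1
    [ -e "$bin" ] || { echo "missing"; return 1; }
    listing=$(ls -ldLn -- "$bin")                  # -n: numeric owner, -L: follow symlink
    mode=$(printf '%s\n' "$listing" | cut -c1-10)
    owner_uid=$(printf '%s\n' "$listing" | awk '{print $3}')
    if mode_has_setuid "$mode" && [ "$owner_uid" = "0" ]; then
        echo "setuid-root"; return 0
    fi
    if command -v getcap >/dev/null 2>&1 &&
       getcap "$bin" 2>/dev/null | grep -q 'cap_net_raw'; then
        echo "file-capability"; return 0
    fi
    range_file=/proc/sys/net/ipv4/ping_group_range
    if [ -r "$range_file" ] &&
       gid_in_ping_range "$(cat "$range_file")" "$(id -g)"; then
        echo "ping-group-range"; return 0
    fi
    echo "none"; return 1
}

# Report on the ping found in PATH, if there is one.
if bin=$(command -v ping 2>/dev/null); then
    echo "$bin: $(ping_privilege_source "$bin" || true)"
fi
```

A result of "none" matches the -rwxr-xr-x listing earlier in the thread, where ping only works through sudo.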


              #21
              Re: have internet access, but cant ping router.

              Thanks Snowhog (although we already covered that earlier in the thread).

              We were just pondering why Greygeek's ping wasn't suid-root.

              Comment


                #22
                Re: have internet access, but cant ping router.

                Actually, I was still wondering why he thought that turning off ICMP echo on the router would make it "totally stealth" and not actually make his presence more obvious.

                Comment


                  #23
                  Re: have internet access, but cant ping router.

                  Originally posted by Ole Juul
                  Actually, I was still wondering why he thought that turning off ICMP echo on the router would make it "totally stealth" and not actually make his presence more obvious.
                  Well...sending an echo reply to an echo request confirms there is something there, so I don't see how not sending it makes a host/router more obvious than that.

                  ...
                  Still, I do think that dropping echo requests is overkillish in most cases.

                  Comment


                    #24
                    Re: have internet access, but cant ping router.

                    Originally posted by kubicle
                    Well...sending an echo reply to an echo request confirms there is something there, so I don't see how not sending it makes a host/router more obvious than that.
                    ...
                    Still, I do think that dropping echo requests is overkillish in most cases.
                    Not responding to an echo request does confirm that you are there. That is my point.

                    I'm not an expert so I just did a quick "Google" and here is one explanation which would take my side of that argument:

                    The lack of this "host unreachable" message is a clear indication that something is there and it's dropping the packets rather than replying to them.
                    So, in the end it just makes you stick out from the crowd.

                    Comment


                      #25
                      Re: have internet access, but cant ping router.

                      Originally posted by Ole Juul
                      Not responding to an echo request does confirm that you are there. That is my point.
                      I follow you completely, but my point was that it doesn't make it any more obvious than an actual echo reply.

                      The lack of this "host unreachable" message is a clear indication that something is there and it's dropping the packets rather than replying to them.
                      Yes, but a host/router that does not drop echo requests gives back an actual reply (and not a "host unreachable" message which you get from non-existent hosts), you can test by pinging www.google.com:
                      ping -c3 www.google.com
                      PING www.l.google.com (209.85.135.99) 56(84) bytes of data.
                      64 bytes from mu-in-f99.1e100.net (209.85.135.99): icmp_req=1 ttl=54 time=42.6 ms
                      64 bytes from mu-in-f99.1e100.net (209.85.135.99): icmp_req=2 ttl=54 time=43.0 ms
                      64 bytes from mu-in-f99.1e100.net (209.85.135.99): icmp_req=3 ttl=54 time=42.5 ms

                      --- www.l.google.com ping statistics ---
                      3 packets transmitted, 3 received, 0% packet loss, time 2002ms
                      rtt min/avg/max/mdev = 42.594/42.763/43.039/0.309 ms

                      Comment


                        #26
                        Re: have internet access, but cant ping router.

                        Originally posted by kubicle
                        Originally posted by Ole Juul
                        Not responding to an echo request does confirm that you are there. That is my point.
                        I follow you completely, but my point was that it doesn't make it any more obvious than an actual echo reply.
                        We're in complete agreement as far as I can tell. GG is calling it "stealth" and I'm calling it not. I am also saying that this, so called, stealth just makes your network presence different - not invisible. I agree that it is not more obvious.

                        The lack of this "host unreachable" message is a clear indication that something is there and it's dropping the packets rather than replying to them.
                        Yes, but a host/router that does not drop echo requests gives back an actual reply (and not a "host unreachable" message which you get from non-existent hosts), you can test by pinging www.google.com:
                        It would seem to me that the difference in where the "host unreachable" message is coming from is the key. Is that not right?


                        Edit: I checked back and now realize that I actually said "more obvious" earlier. Sorry, that was an exaggeration. I just meant to indicate that it made it less common, or special case, rather than looking like the run-of-the-mill network presence.



                        Comment


                          #27
                          Re: have internet access, but cant ping router.

                          Originally posted by Ole Juul
                          GG is calling it "stealth" and I'm calling it not.
                          http://www.ping127001.com/pingpage.htm
                          If ping does not receive any reply packets at all it will exit with code 1. If a packet count and deadline are both specified, and fewer than count packets are received by the time the deadline has arrived, it will also exit with code 1. On other error it exits with code 2. Otherwise it exits with code 0. This makes it possible to use the exit code to see if a host is alive or not.
                          From the RFC792:
                          Destination Unreachable Message
                          .........

                          Code
                          0 = net unreachable;
                          1 = host unreachable;
                          2 = protocol unreachable;
                          3 = port unreachable;
                          4 = fragmentation needed and DF set;
                          5 = source route failed.
                          .......

                          Description
                          If, according to the information in the gateway's routing tables, the network specified in the internet destination field of a datagram is unreachable, e.g., the distance to the network is infinity, the gateway may send a destination unreachable message to the internet source host of the datagram. In addition, in some networks, the gateway may be able to determine if the internet destination host is unreachable. Gateways in these networks may send destination unreachable messages to the source host when the destination host is unreachable.

                          If, in the destination host, the IP module cannot deliver the datagram because the indicated protocol module or process port is not active, the destination host **may** send a destination unreachable message to the source host.

                          Another case is when a datagram must be fragmented to be forwarded by a gateway yet the Don't Fragment flag is on. In this case the gateway must discard the datagram and may return a destination unreachable message.

                          Codes 0, 1, 4, and 5 may be received from a gateway. Codes 2 and 3 may be received from a host.
                          The question is: when your IP address is pinged and you have your wireless router ping echo turned off, what messages are sent by your computer and what messages are sent by your ISP's gateway, to which your computer is connected?

                          The ping packet arriving at your computer has an icmp_seq number and a ttl number. The first is a "packet number" which the source of the ping can use to determine if the destination is getting all the packets being sent to it. The second is a value, usually initially set to 64, which is decremented by each host along the route the packet travels on its way to the destination, in order to keep unanswered pings from being echoed around the internet forever and clogging it up.

                          As I understand it, when a ping is sent to a computer/router with ping echo turned off does the computer still communicate in some other way with the ping source? No. Normally, the source and destination addresses from a ping packet are reversed and formed into an echo packet which is sent back to the source, along with the icmp_seq value so the source will know which ping packet the destination is responding to. (since ICMP uses IP, ICMP packet delivery is unreliable).

                          IF a human is pinging an IP address from their computer and the ping returns "Destination Host Unreachable" is that message coming from the destination computer? No. The ping command is displaying it because it didn't get any echoes from the target computer (exit code 1), not because there is a computer there but it is not talking. If you are running a wireless router ping 192.168.1.X, where X is some number which is not presently leased. You will get "Destination Host Unreachable", but there is no computer at X. The presence of a computer at the destination IP address can be INFERRED by examining packets from the ISP router to which the destination computer is networked with, but that is more than most bad guys can do and something that ping does not do.

                          Ping my IP address: 24.223.246.8 and tell me if you think my computer is on but not responding or is turned off (IOW, my ISP has not leased an IP address so my computer is not in their routing table).
                          Include the time you did your ping test.

                          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                          – John F. Kennedy, February 26, 1962.

                          Comment


                            #28
                            Re: have internet access, but cant ping router.

                            Thanks for the links. I find ping both useful and interesting, but there is much to learn. I read different things on the net about stealth, and the best advice I can find seems to indicate that it doesn't matter one way or the other.

                            I've been playing around with it and it seems that most destinations either send a "destination unreachable" response or, if they are down, the router my side of it does. I get your point though, it is variable, so difficult to interpret. How to actually tell is still (and may remain) beyond me.

                            GreyGeek: Ping my IP address: 24.223.246.8 and tell me if you think my computer is on but not responding or is turned off (IOW, my ISP has not leased an IP address so my computer is not in their routing table).
                            Include the time you did your ping test.
                            Code:
                            ole@SCO:/x$ date
                            Sun Jan 16 22:44:43 PST 2011
                            ole@SCO:/x$ ping 24.223.246.8
                            PING 24.223.246.8 (24.223.246.8) 56(84) bytes of data.
                            
                            --- 24.223.246.8 ping statistics ---
                            102 packets transmitted, 0 received, 100% packet loss, time 101010ms
                            Interesting. That has not been what I have seen before, but I haven't looked at many situations yet. Actually, now that I try it, that's exactly what I get when pinging computers at home which are not on. Perhaps if there was a live lease (I don't generally use DHCP) I would get the "destination unreachable" message.

                            Comment


                              #29
                              Re: have internet access, but cant ping router.

                              Originally posted by GreyGeek
                              Ping my IP address: 24.223.246.8 and tell me if you think my computer is on but not responding or is turned off.
                              If that is the IP of your router (that acts as a gateway between the internet and your host/LAN), pinging it will only reveal the status of the router, not the status of the computers on the LAN side.

                              If your router is down, the previous hop (likely one of your ISP routers) should return a "host unreachable" message, and when the router is online you'll get either an echo reply (if ICMP is not blocked) or nothing (if ICMP is blocked).

                              There are some variables to how things go, of course, some ISPs that do some ICMP blocking of their own, and router and network configuration also affect ping operation.

                              IOW, my ISP has not leased an IP address so my computer is not in their routing table.
                              Your internet shouldn't work if you're not in a routing/forwarding table somewhere.

                              Comment
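Added example, not part of any post in the thread: the three outcomes described above (an echo reply, a "host unreachable" from an earlier hop, or nothing at all) can be told apart from ping's exit status together with the "From <address>" line that iputils ping prints when an ICMP error arrives. The transcripts are constructed with documentation addresses, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: classify a ping run from its exit status ($1) and its
# transcript (stdin). Prints one of:
#   reply <responder>            an echo reply came back
#   unreachable-from <reporter>  an ICMP destination unreachable arrived;
#                                <reporter> is the node that sent it
#   silent                       no reply and no ICMP error
#   error                        ping itself failed (exit status 2)
interpret_ping() {
    awk -v status="$1" '
        / bytes from / {
            replies++; responder = $4; sub(/:$/, "", responder)
        }
        /^From .* Destination .* Unreachable/ {
            errors++; reporter = $2; sub(/:$/, "", reporter)
        }
        END {
            if (status == 2)      print "error"
            else if (replies > 0) print "reply " responder
            else if (errors > 0)  print "unreachable-from " reporter
            else                  print "silent"
        }'
}

# Constructed transcripts (not captured from the hosts in this thread).
sample_reply() { cat <<'EOF'
PING 192.0.2.10 (192.0.2.10) 56(84) bytes of data.
64 bytes from 192.0.2.10: icmp_seq=1 ttl=54 time=42.6 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=54 time=43.0 ms

--- 192.0.2.10 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
EOF
}

sample_unreachable() { cat <<'EOF'
PING 192.0.2.77 (192.0.2.77) 56(84) bytes of data.
From 198.51.100.1 icmp_seq=1 Destination Host Unreachable
From 198.51.100.1 icmp_seq=2 Destination Host Unreachable

--- 192.0.2.77 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1002ms
EOF
}

sample_silent() { cat <<'EOF'
PING 192.0.2.99 (192.0.2.99) 56(84) bytes of data.

--- 192.0.2.99 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2010ms
EOF
}

# Run a real probe and classify it; the status is captured without
# tripping `set -e` when ping exits non-zero.
live_probe() {
    out=$(ping -c 3 "$1" 2>&1) && rc=0 || rc=$?
    printf '%s\n' "$out" | interpret_ping "$rc"
}

echo "reply sample:       $(sample_reply | interpret_ping 0)"
echo "unreachable sample: $(sample_unreachable | interpret_ping 1)"
echo "silent sample:      $(sample_silent | interpret_ping 1)"
```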


                                #30
                                Re: have internet access, but cant ping router.

                                Originally posted by kubicle
                                .....
                                IOW, my ISP has not leased an IP address so my computer is not in their routing table.
                                Your internet shouldn't work if you're not in a routing/forwarding table somewhere.
                                True, but that wasn't the question. IF my computer is on and echoing pings to my IP address someone can rightly deduce that they have contacted my machine and that it does exist. Ditto for specific port probes. The ping was directed to my IP address via the routing table entry created by my ISP, on their servers, when they leased that IP address to me. BUT, if my machine (or more specifically my wireless router) does not echo pings then no packet is returned to the machine sending out the ping, so no conclusion can be made as to whether a machine exists at that IP address or not.

                                Ole Juul's reply of
                                100% packet loss
                                without any other msgs is what his ping should give. Juul was given no information to indicate that there is a real, live working computer at 24.223.246.8 or that it is an unused IP address with no machine or router present. In this situation my ISP's server did NOT reply with "host unreachable", or any other msg, even though my network has been up continuously for almost a month. The only way for Juul to see if there was a machine at my IP address is for him to hack into my ISP's server(s) and view the routing table OR account for all the packets traveling in the trunk to which I am attached.

                                The RFC792 states:
                                If, in the destination host, the IP module cannot deliver the datagram because the indicated protocol module or process port is not active, the destination host **may** send a destination unreachable message to the source host.
                                My computer (or router) was the "destination host", but the datagram (ping packet) WAS delivered and given to the ICMP_ECHO protocol, which merely dropped it because echoing was turned off. My computer had no need, nor did it, respond with some "destination unreachable" message. To do that it would have had to get the source and destination IP addresses from the ping packet, create a reply packet (but not an echo packet) with the addresses reversed, the icmp_seq number to show the ping program which packet was being replied to, and decrement the value of the ttl so as not to clutter the network. Where is the RFC for such a response to the ping? And, wouldn't such a response nullify turning off the ping echo if that packet included everything the echo would have included? Ergo, those messages are responses given by the source's ping program as a result of exit codes specified by RFC792.


                                "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                                – John F. Kennedy, February 26, 1962.

                                Comment
