You can't configure net_connect not to send the ping but you can configure the message that's generated when the ping fails. Just make the level "clear" for the error message or select the "OK" message for the connection failed message in the configuration.
And the level of security that you gain in blocking ICMP is trivial if the server is otherwise reachable.
One thing, depending on whether these systems are capable of it or not is to add an additional "maintenance" network adapter that isn't reachable from anything other than the system that's running net_connect and use that to ping.
Someone who's already subverted your network enough to run a ping against a local address isn't going to be thwarted by a ping response failure. Blocking ping is kind of like adding a deadbolt to a screen door. Sure it's locked tighter but it's not going to slow someone down any more than not but it will make your life more onerous as you have to now deal with two keys to get in.....
Original Message:
Sent: 10-22-2021 07:17 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM
Thanks for your David,
As you suggested, I have enabled TCP monitoring on the server but still it's looking for the ping response as per the alarms. I have attached snippet below.
Does SNMPcollector probe uses ICMP response to track reachability of the server? if no, can we use SNMPcollector probe instead of net_connect? Please suggest!
------------------------------
Regards,
Eshwar
Original Message:
Sent: 10-20-2021 11:28 AM
From: David MICHEL
Subject: Network connectivity monitoring in UIM
Perhaps net_connect, it can monitor via TCP.
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/net-connect-network-connectivity-monitoring/net-connect-network-connectivity-monitoring-release-notes.html
Original Message:
Sent: 10-20-2021 11:23 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM
Hello folks,
My customer has disabled ICMP (ping) option in the servers due to security vulnerabilities so we can't use net_connect probe to monitoring ICMP connectivity. Is there any other way to monitor connectivity of servers? Please suggest if any one came across this situation.
------------------------------
Regards,
Eshwar
------------------------------