I recently took over monitoring for a customer using a Datto backup system with an on-premises box that replicates to the cloud. Everything was running smoothly until I noticed the Ubuntu box hadn't checked in. After an hour of troubleshooting and a reboot, we saw some pings during the restart but then nothing. It was strange, especially since we hadn't changed any firewall rules. When I contacted support, they informed me that the latest firmware update had disabled ICMP pings and there's no option to enable it again. It's frustrating because I relied on those pings for monitoring. Now, I'm left looking for alternative ways to ensure the backups are functioning without relying on email notifications, which is less than ideal since I wanted it to be a set-it-and-forget-it type of solution.
5 Answers
This might just be a move to assuage concerns from auditors who keep bringing up ICMP in penetration tests. They seem to think disabling it will score them better marks, but it doesn't really solve any security issues.
I've experienced issues with Datto appliances as well. At one point, they got so messed up that support said they would need to wipe both local and cloud backups to fix it. This is why I recently moved to Axcient x360, which is way more reliable and cheaper. If you're looking for alternatives, I recommend it. They even allow you to install their OS on some old Datto appliances!
I’m not against Datto, but if there are real risks like that, I'd definitely want to know more for future reference.
It seems like this change was made to improve security and make the device "stealthier". But let's be honest, if attackers really wanted access, they'd find a way around this. Even if ICMP is off, there are plenty of ports open that can be scanned. It's a bit of a security through obscurity tactic that might not be as effective as they think.
That's true! It's always good to evaluate what security measures truly protect the system versus just complicating monitoring.
Exactly! Disabling ICMP isn't the best solution for security; it just complicates legitimate monitoring.
Honestly, removing ICMP doesn't significantly enhance security. Attackers can still scan the device with tools like nmap. It's more of a headache for users since it reduces our ability to check the device health. They should have at least made it an optional feature instead of defaulting to disable it completely!
Totally agree! A stealth mode option would be way more user-friendly.
For sure! Giving users control over such settings would show they care about usability.
Like you said, if ICMP is completely disabled, it makes health checks a hassle. I’d prefer a system where I could enable or disable it based on needs, rather than being forced into one option. It's 2023 - we need options!
That sounds interesting! Do you have any links to specific examples where Datto had to wipe backups? I could use that for discussions with the team.