Comments on: Make Linux ignore a ping http://www.tech-recipes.com/rx/202/make-linux-ignore-a-ping/ Computer and technology tutorials and guides Sat, 21 Nov 2009 18:18:34 -0800 http://wordpress.org/?v=2.8.6 hourly 1 By: MacBaine http://www.tech-recipes.com/rx/202/make-linux-ignore-a-ping/comment-page-1/#comment-1618 MacBaine Thu, 14 Apr 2005 10:53:41 +0000 guid-fix-me!#comment-1618 No answer to an ICMP ping does not automatically mean, that your machine does not exist. If your machine would not exist, the last router _before_ your machine would send an ICMP not reachable message. Doing strange things with your ICMP config buys you absolutely nothing in respect to an attacker, but may easily make legitimate network use more difficult. E.g. look how MTU discovery works and how it does not because "wise" admins disallow their machines to send ICMP replys. Regards, Jim No answer to an ICMP ping does not automatically mean, that your machine does not exist.

If your machine would not exist, the last router _before_ your machine would send an ICMP not reachable message.

Doing strange things with your ICMP config buys you absolutely nothing in respect to an attacker, but may easily make legitimate network use more difficult. E.g. look how MTU discovery works and how it does not because “wise” admins disallow their machines to send ICMP replys.

Regards,
Jim

]]> By: bofh468 http://www.tech-recipes.com/rx/202/make-linux-ignore-a-ping/comment-page-1/#comment-24 bofh468 Mon, 10 Nov 2003 21:48:25 +0000 guid-fix-me!#comment-24 Even better: don't ignore ICMP echos: <code>sysctl -w net.ipv4.icmp_echo_ignore_all=0</code> do ignore ICMP echos: <code>sysctl -w net.ipv4.icmp_echo_ignore_all=1</code> sysctl -a will give you a nice list of values that you can tweak. If you're running a Redhat-based system, you can plop the desired values in /etc/sysctl.conf. Even better:

don’t ignore ICMP echos:
sysctl -w net.ipv4.icmp_echo_ignore_all=0

do ignore ICMP echos:
sysctl -w net.ipv4.icmp_echo_ignore_all=1

sysctl -a will give you a nice list of values that you can tweak.

If you’re running a Redhat-based system, you can plop the desired values in /etc/sysctl.conf.

]]>