Disable ICMP echo (ping) responses in Linux

Contributed by qmchenry, September 5, 2003
Tagged: Linux networking

Many malicious attacks begin with a ping scan. Ignoring ICMP echo requests prevents your system from being discovered by a ping.


As superuser, add the following lines to /etc/sysctl.conf:

net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1

Then run the following command to cause the change to take effect immediately:

sysctl -p

This change will persist following a reboot.
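As an added check that is not part of the original recipe, the POSIX shell script below audits whether a sysctl.conf file really enables both keys (comments and blank lines skipped, last occurrence wins, as sysctl -p applies lines in order) and prints the kernel's live values from /proc; the two sample files are constructed here for the stand-alone run.

```shell
#!/bin/sh
# sysctl_value FILE KEY -> prints the effective value of KEY in FILE.
# Whole-line comments (# or ;) and blank lines are skipped; whitespace
# around '=' is ignored; the last occurrence wins.
sysctl_value() {
    awk -v key="$2" '
        /^[[:space:]]*[#;]/ || /^[[:space:]]*$/ { next }
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# icmp_echo_configured FILE -> exit 0 only if both recipe keys are set to 1.
icmp_echo_configured() {
    [ "$(sysctl_value "$1" net.ipv4.icmp_echo_ignore_all)" = "1" ] &&
    [ "$(sysctl_value "$1" net.ipv4.icmp_echo_ignore_broadcasts)" = "1" ]
}

# icmp_echo_live -> prints what the running kernel uses (Linux /proc only).
icmp_echo_live() {
    for k in icmp_echo_ignore_all icmp_echo_ignore_broadcasts; do
        f=/proc/sys/net/ipv4/$k
        if [ -r "$f" ]; then echo "$k=$(cat "$f")"; else echo "$k=unavailable"; fi
    done
}

# Constructed sample files (not real system configuration).
SAMPLE_OK=$(mktemp); SAMPLE_BAD=$(mktemp)
cat > "$SAMPLE_OK" <<'EOF'
# hardening per recipe; the later line for ignore_all overrides the earlier one
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all=0
net.ipv4.icmp_echo_ignore_all = 1
EOF
cat > "$SAMPLE_BAD" <<'EOF'
net.ipv4.icmp_echo_ignore_broadcasts = 1
# net.ipv4.icmp_echo_ignore_all = 1
EOF

icmp_echo_configured "$SAMPLE_OK" && echo "sample_ok: both keys enabled"
icmp_echo_configured "$SAMPLE_BAD" || echo "sample_bad: icmp_echo_ignore_all is not enabled"
icmp_echo_live
```

Point icmp_echo_configured at /etc/sysctl.conf to check the real file; compare its output with icmp_echo_live to see whether sysctl -p has been run since the edit.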

  • Anonymous
    But that would stop pings altogether. If you have a monitoring service, this would hurt you. You would never know if your server went down.

    I would suggest installing the APF firewall, then do this:
    pico -w /etc/apf/conf.apf

    Change this:
    IG_ICMP_TYPES="3,5,11,0,30,8"

    To this:
    IG_ICMP_TYPES="3,5,11,0,30"

    So, if you have a monitoring service, add the monitor's IP to the allow_hosts.rules file.

    THEN:
    service apf restart


    That would block pings from all outside sources except the IPs you explicitly allow.
  • Anonymous
    Just have your monitoring service try to connect to an open port (FTP, POP3, SMTP, WEB, SSH, etc.) instead of going through the trouble of installing firewall software and configuring it. I use hyperspin.com and they can try to connect to a specific port instead of or in addition to a classic ping.
  • Guest
    thanks for the tip! complete newbie to Linux but managed to get 100% stealth enabled in the firewall....
    using your tips page.. only had to disable ping to achieve it! thanx again! :P