How to keep a computer from answering to ping?
Goto page 1, 2, 3  Next  :||:
Networking/Security Forums -> UNIX // GNU/Linux

Author: igir3dsk1Location: 7h3 !n73rn37 :) PostPosted: Wed Dec 04, 2002 2:24 am    Post subject: How to keep a computer from answering to ping?
    ----
I have found this trick and would like to share it(It may be old for some of you).
Anyway:

type this command:

Code:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all


And to put it back type this one:
Code:
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all


I got it from here:
http://www.patoche.org/LTT/security/index.html

Please if you know another ones please share them.

Thanks<<<r3dsk1>>>

Author: flwLocation: U.S.A. PostPosted: Wed Dec 04, 2002 3:43 am    Post subject:
    ----
Or use a firewall and/or turn icmp off.

Author: delete852Location: Washington DC PostPosted: Wed Dec 04, 2002 3:50 am    Post subject:
    ----
Yea this is cool, I have known it for a while, in windows 2k pro, you can go and set up ipsec, to specifically deny, all ping requests to all ports. Its pretty cool. Check it out.

Author: gigsvoo PostPosted: Wed Dec 04, 2002 4:32 am    Post subject:
    ----
What are the consequencies not allow to be pinged?

Author: igir3dsk1Location: 7h3 !n73rn37 :) PostPosted: Wed Dec 04, 2002 4:50 am    Post subject:
    ----
Well it does not do nothing at all but if somebody ping you,it will seems that you are off-line and it will keep out somebdy.

<<<r3dsk1>>>

Author: flwLocation: U.S.A. PostPosted: Wed Dec 04, 2002 5:32 am    Post subject:
    ----
ping has several functions as follows from whatis.com:


Quote:
Ping is a basic Internet program that lets you verify that a particular IP address exists and can accept requests. The verb ping means the act of using the ping utility or command. Ping is used diagnostically to ensure that a host computer you are trying to reach is actually operating.

Ping can also be used with a host that is operating to see how long it takes to get a response back. Using ping, you can learn the number form of the IP address from the symbolic domain name

Author: igir3dsk1Location: 7h3 !n73rn37 :) PostPosted: Wed Dec 04, 2002 5:34 am    Post subject:
    ----
Is there a set of rule to hide you ports?

Author: gigsvoo PostPosted: Wed Dec 04, 2002 5:40 am    Post subject:
    ----
How do I specify who can ping me who cannot?

Author: flwLocation: U.S.A. PostPosted: Wed Dec 04, 2002 5:53 am    Post subject:
    ----
Quote:
How do I specify who can ping me who cannot?


This is ususally done at a firewall (wether on a PC or seperate piece of hardaware) or router. So you can setup and configure a router or just install/configure a firewall.

Author: gigsvoo PostPosted: Wed Dec 04, 2002 6:54 am    Post subject:
    ----
Ok. I am running a Linux with Psyche, how do I use the firewall to configure? Does that mean I have to specify the IP range will do the tricks?

Then I shall look into documentation on configuring firewall. So the port is ICMP right?

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Wed Dec 04, 2002 11:23 am    Post subject:
    ----
You are breaking RFC if you don't allow any pings though, although microsoft.com does this (not surprisingly).

It's usually best to accept 1 or 2 for each IP then block any more from them for say 30 minutes.

Author: gigsvoo PostPosted: Wed Dec 04, 2002 11:31 am    Post subject:
    ----
ShaolinTiger wrote:


It's usually best to accept 1 or 2 for each IP then block any more from them for say 30 minutes.


How to do this?
Very Happy

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Wed Dec 04, 2002 11:46 am    Post subject:
    ----
Read the funky manual associated with whatever firewall solution you have chosen to use.

Most firewalls allow an action following a give event, so in pseudo code.

Code:
On Ping from host, log host to host.log
Check host.log for number of pings
   If number of pings > 4
      Then run deny.sh script
   rm hosts.log
End


deny.sh would contain whatever is required to totally block an IP address from accessing anything from you and it would accept an argument (host).

There are plenty of ways to do this, this is just one idea I came up with.

ICMP doesn't use ports either, it's a protocol and has types (1-18 I think).

http://www4.ulpgc.es/tutoriales/tcpip/pru/3376c24.htm#icmp

I suggest you have a Google.

Author: gigsvoo PostPosted: Wed Dec 04, 2002 12:29 pm    Post subject:
    ----
Hi,

I think I am too wimp on UNIX/Linux security, do you mind if I ask for detailed explanations and steps??? Please... Sad

Author: Mongrel PostPosted: Wed Dec 04, 2002 5:16 pm    Post subject:
    ----
Blocking ICMP ( ping) helps eliminate all but the more determined crackers from breaking into your system.

Very often, they'll scan a block of IP addies for open ports. The process goes much faster if they tell the scanner not to scan all ports on addresses that do not reply to a ping.

They find the most obvious machines more quickly.

The more determined will scan for open ports even if the computer does not reply to a ping. They will find your machine anyway but you make them work a little harder for it.

Author: browolf PostPosted: Wed Dec 04, 2002 7:33 pm    Post subject:
    ----
delete852 wrote:
in windows 2k pro, you can go and set up ipsec, to specifically deny, all ping requests to all ports. Its pretty cool. Check it out.


i googled ipsec but it all seemed to be talking about iis and servers.
if i did this on my winxp computer on dsl would internet p2p still work?



Networking/Security Forums -> UNIX // GNU/Linux


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Goto page 1, 2, 3  Next  :||:
Page 1 of 3

Powered by phpBB 2.0.x © 2001 phpBB Group