Help: No Ping

Printable View

01-02-2008, 12:48 PM
unix

Help: No Ping

Hello,

How to avoid others use the command "ping" to scan my computer? My Linux
is RHEL 3. I assume that I should use iptables.

Thank you very much~

Regards,

Amy Lee
01-02-2008, 12:53 PM
unix

Re: Help: No Ping

On 2008-01-02, Amy Lee <openlinuxsource@gmail.com> wrote:[color=blue]
> How to avoid others use the command "ping" to scan my computer?[/color]

Block icmp type 8 (echo-request)
Davide

--
One distinguishing characteristic of BOFHen is attention deficit disorder.
Put me in front of something boring and I can find a near-infinite number
of really creative ways to bugger off.
-- ADB
01-02-2008, 01:14 PM
unix

Re: Help: No Ping

On Wed, 02 Jan 2008 13:53:18 +0100, Davide Bianchi wrote:
[color=blue]
> On 2008-01-02, Amy Lee <openlinuxsource@gmail.com> wrote:[color=green]
>> How to avoid others use the command "ping" to scan my computer?[/color]
>
> Block icmp type 8 (echo-request)
> Davide[/color]
Thank you. But can you tell me more details and how to execute this
command?

Amy
01-02-2008, 01:18 PM
unix

Re: Help: No Ping

Am Wed, 02 Jan 2008 21:14:26 +0800 schrieb Amy Lee:
[color=blue]
> On Wed, 02 Jan 2008 13:53:18 +0100, Davide Bianchi wrote:
>[color=green]
>> On 2008-01-02, Amy Lee <openlinuxsource@gmail.com> wrote:[color=darkred]
>>> How to avoid others use the command "ping" to scan my computer?[/color][/color][/color]
^^^^^^^^^^^^^^
You don't need icmp to scan a target.[color=blue]
> Thank you. But can you tell me more details and how to execute this
> command?[/color]

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
What is wrong with scanning?

cheers
01-02-2008, 01:21 PM
unix

Re: Help: No Ping

On 2008-01-02, Amy Lee <openlinuxsource@gmail.com> wrote:[color=blue]
> Thank you. But can you tell me more details and how to execute this
> command?[/color]

There is an extensive documentation on iptable, a search with
google will return you a lot of example that could best suit your needs,
in short, something like

iptables -A INPUT -p ICMP --icmp-type 8 -j DROP

should be enough for what you need

--
When you need a helpline for breakfast cereals, it's time to start
thinking about tearing down civilisation and giving the ants a go.
--Chris King
01-02-2008, 03:33 PM
unix

Re: Help: No Ping

On Wed, 02 Jan 2008 13:18:06 +0000, Burkhard Ott wrote:
[color=blue]
> Am Wed, 02 Jan 2008 21:14:26 +0800 schrieb Amy Lee:
>[color=green]
>> On Wed, 02 Jan 2008 13:53:18 +0100, Davide Bianchi wrote:
>>[color=darkred]
>>> On 2008-01-02, Amy Lee <openlinuxsource@gmail.com> wrote:
>>>> How to avoid others use the command "ping" to scan my computer?[/color][/color]
> ^^^^^^^^^^^^^^
> You don't need icmp to scan a target.[color=green]
>> Thank you. But can you tell me more details and how to execute this
>> command?[/color]
>
> iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
> What is wrong with scanning?
>
> cheers[/color]

Thank you. And I wanna know if I enable this strategy whether it will
influence anything else.

Regards,

Amy
01-02-2008, 03:44 PM
unix

Re: Help: No Ping

Hello,

Amy Lee a écrit :[color=blue]
>
> How to avoid others use the command "ping" to scan my computer? My Linux
> is RHEL 3.[/color]

You can't scan a host with ping. You can just learn it's there, but
there are many other methods.
[color=blue]
> I assume that I should use iptables.[/color]

You don't need iptables for this. You can just instruct the kernel to
ignore ICMP echo requests :

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
or
sysctl -w net.ipv4.icmp_echo_ignore_all=1

This can usually be made persistent across reboots by adding the
following line into the file /etc/sysctl.conf :

net.ipv4.icmp_echo_ignore_all=1