Sunday, October 6, 2013

Disable ICMP ping responses on your linux box

Depending on the distribution you use, you may be able to disable the ping response on your box to add some complexity for attackers or the 'bad guys'. In the video below I am going to show you how to apply such a configuration in your linux distro.
Disable ping reply
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
Enable ping reply
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
To make this permanent, set the following in /etc/sysctl.conf:
net.ipv4.icmp_echo_ignore_all = 1
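A small audit script, added here as an example (it is not from the original post or the video), that checks both the running kernel value and the persistent /etc/sysctl.conf entry and tells you when the two disagree; the function names, the two path parameters and the sample files are my own, constructed so it runs offline.

```shell
#!/bin/sh
# Audit whether ICMP echo-request ignoring is active now AND persisted across reboots.
# Both paths are parameters so the same functions can be run against a live box
# (defaults) or against sample files. Note: icmp_echo_ignore_all only affects echo
# requests; other ICMP types (e.g. destination unreachable) are not touched by it.
#
# Exit codes of audit_icmp_echo_ignore:
#   0 = ignoring pings now AND persisted in sysctl.conf
#   1 = ignoring pings now, but NOT persisted (setting is lost at reboot)
#   2 = persisted in sysctl.conf, but the kernel still answers (sysctl -p not run yet)
#   3 = answering pings, nothing configured

runtime_icmp_echo_ignore() {
    # Current kernel value: 1 = ignore all echo requests, 0 = reply to them
    tr -d '[:space:]' < "${1:-/proc/sys/net/ipv4/icmp_echo_ignore_all}"
}

persistent_icmp_echo_ignore() {
    # Prints the configured value, or "unset" if the key is absent or the file is missing.
    # The last non-comment assignment wins, as sysctl(8) applies the file top to bottom.
    # Assumption: only the dotted key form (net.ipv4....) is handled, not the slash form.
    sed -n 's/^[[:space:]]*net\.ipv4\.icmp_echo_ignore_all[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' \
        "${1:-/etc/sysctl.conf}" 2>/dev/null | tail -n 1 | grep . || echo unset
}

audit_icmp_echo_ignore() {
    now=$(runtime_icmp_echo_ignore "$1")
    saved=$(persistent_icmp_echo_ignore "$2")
    case "$now:$saved" in
        1:1) echo "ignoring pings now and persisted"; return 0 ;;
        1:*) echo "ignoring pings now, but not persisted in sysctl.conf"; return 1 ;;
        0:1) echo "persisted, but the kernel still answers (run: sysctl -p)"; return 2 ;;
        *)   echo "answering pings; nothing configured"; return 3 ;;
    esac
}

# Constructed sample files (not taken from a real host) so the audit can be exercised offline.
icmp_audit_demo() {
    d=$(mktemp -d)
    printf '1\n' > "$d/proc_ignore"; printf '0\n' > "$d/proc_reply"
    printf '# hardening\nnet.ipv4.ip_forward = 0\nnet.ipv4.icmp_echo_ignore_all = 1\n' > "$d/sysctl_set"
    printf 'net.ipv4.icmp_echo_ignore_all = 1\nnet.ipv4.icmp_echo_ignore_all=0\n' > "$d/sysctl_overridden"
    audit_icmp_echo_ignore "$d/proc_ignore" "$d/sysctl_set"         # returns 0
    audit_icmp_echo_ignore "$d/proc_ignore" "$d/sysctl_overridden"  # returns 1 (last line wins: 0)
    audit_icmp_echo_ignore "$d/proc_reply"  "$d/sysctl_set"         # returns 2
    audit_icmp_echo_ignore "$d/proc_reply"  "$d/missing.conf"       # returns 3
    rm -rf "$d"
}
icmp_audit_demo
```

Run `audit_icmp_echo_ignore` with no arguments to check the live box; a non-zero exit code flags drift between what is running and what will survive a reboot.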
ICMP Message Types
You can find more about ICMP here.

2 people replied:

  1. The ICMP Echo protocol (usually known as "PING") is mostly harmless. Its main security-related issues are the following:

    In the presence of requests with a fake source address aka spoofing, they can make a target machine send relatively large packets to another host. Note that a PING response is not substantially larger than the corresponding request, so there is no multiplier effect there: it will not give extra power to the attacker in the context of a denial of service attack. It might protect the attacker against identification, though.

    Honored PING requests can yield information about the internal structure of a network. This is not relevant to publicly visible servers, though, since those are already publicly visible.

    There used to be security holes in some widespread TCP/IP implementations, where a malformed Ping request could crash a machine (aka "Ping of Death"). But these were patched years ago and are no longer a concern.

    You can disable or block PING on publicly visible servers but being common is not the SAME as being recommended.
    www.google.com responds to PING requests BUT www.microsoft.com does NOT.
    Personally, I would recommend letting all ICMP pass for publicly visible servers.

    Some ICMP packet types MUST NOT be blocked, in particular the "destination unreachable" ICMP message, because blocking that one breaks path MTU discovery, symptoms being that DSL users (behind a PPPoE layer which restricts MTU to 1492 bytes) cannot access WEB SITES which block those packets (unless they use the Web proxy provided by their ISP).

    1. There are many network tools that work using just ICMP messages.
      Blocking ICMP is not always recommended as I said, depending on the environment.
