About the ping command
Through the ICMP protocol, that is, the popular ping command, we can find out whether a given computer is alive on the network and whether we have a working route to it.
So far this seems beneficial, and it is. However, like many good tools or applications, it can be used for harmful purposes, for example a DDoS with ping, which can translate into 100,000 ping requests per minute or per second and could crash the target computer or our network.
Be that as it may, on certain occasions we want our computer not to respond to ping requests from others on the network, that is, to appear not to be connected. For this we must disable the ICMP protocol response in our system.
How to verify if we have enabled the ping response option
There is a file in our system that lets us define, in an extremely simple way, whether the ping response is enabled or not. It is: /proc/sys/net/ipv4/icmp_echo_ignore_all
If that file contains a 0 (zero), then everyone who pings us will get a response whenever our computer is online. However, if we put a 1 (one), it does not matter whether our PC is connected or not: it will appear not to be.
In other words, with the following command we will edit that file:
sudo nano /proc/sys/net/ipv4/icmp_echo_ignore_all
We change the 0 to 1, press [Ctrl] + [O] to save, and then [Ctrl] + [X] to exit.
Ready, our computer does NOT respond to the ping of others.
Alternatives to protect ourselves from ping attacks
Another alternative is obviously to use a firewall. With iptables it can also be done without much hassle:
sudo iptables -A INPUT -p icmp -j DROP
Remember that the iptables rules are cleared when the computer is restarted, so we must save the changes by some method, either through iptables-save and iptables-restore or by writing a script ourselves.
And this has been it 🙂
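The verification step above and the warning that the change is lost on reboot can be combined into one check. The script below is an added example, not part of the original post; the function names are made up for illustration, the paths can be overridden through PROC_FILE and CONF_FILES, and the "last assignment wins" scan is a simplification of how sysctl configuration files are loaded.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are overridable so the
# functions can be exercised against copies instead of the live system.
PROC_FILE="${PROC_FILE:-/proc/sys/net/ipv4/icmp_echo_ignore_all}"
CONF_FILES="${CONF_FILES:-/etc/sysctl.d/*.conf /etc/sysctl.conf}"

# Runtime state of the kernel switch: ignoring, replying or unknown.
runtime_state() {
    [ -r "$PROC_FILE" ] || { echo unknown; return 0; }
    case "$(cat "$PROC_FILE")" in
        1) echo ignoring ;;
        0) echo replying ;;
        *) echo unknown ;;
    esac
}

# Value that will be applied at boot: 1, 0 or unset.
# Simplification: files are scanned in the order listed, last assignment wins.
persistent_value() {
    val=unset
    key='net\.ipv4\.icmp_echo_ignore_all'
    for f in $CONF_FILES; do
        [ -r "$f" ] || continue
        v=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p" "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    echo "$val"
}

# Reads `iptables-save` output on stdin; succeeds if the blanket rule
# from the article (-A INPUT -p icmp -j DROP) is loaded.
has_icmp_drop() {
    grep -q -e '^-A INPUT -p icmp -j DROP$'
}

# Compare runtime and boot-time settings to expose the reboot gap.
audit() {
    rt=$(runtime_state); pv=$(persistent_value)
    case "$rt:$pv" in
        unknown:*)   echo unknown ;;
        ignoring:1)  echo persistent ;;
        ignoring:*)  echo runtime-only ;;            # reverts at next reboot
        replying:1)  echo configured-not-applied ;;  # load with: sysctl --system
        *)           echo replying ;;
    esac
}

if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run the script with --audit to print the combined state; as root, `iptables-save | has_icmp_drop` checks whether the firewall rule is currently loaded.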
Excellent contribution. Tell me, would it serve to avoid disconnection requests, like when they want to crack the network using aircrack-ng? I say this because if we are apparently disconnected they will not be able to send us such requests. Thanks for the input.
It doesn't work that way. This only blocks the ICMP echo response, so if someone wants to test the connection with an ICMP echo request, your computer will ignore the ICMP echo and therefore the person who is trying to test the connection will get a response like "host seems to be down or blocking ping probes". But if someone is monitoring the network with airodump or some similar tool, they will be able to see that you are connected, because these tools analyze the packets that are sent to the AP or received from the AP.
It should be noted that it is only temporary; after restarting your PC it will receive pings again. To make it permanent, with respect to the first trick, configure the /etc/sysctl.conf file and at the end add net.ipv4.icmp_echo_ignore_all = 1. With respect to the second tip, it is similar but "longer" (save the iptables conf, make an interface-up script that runs when the system starts, and so on).
Hi. Could it be that something is wrong? Or what could it be? Because in Ubuntu there is no such file...
It was flawless as always.
A small observation: when closing nano, isn't it faster to press Ctrl + X and then exit with Y or S?
Regards
Excellent tip, @KZKG. I use the same tip among many others in order to improve the security of my PC and the two servers I work with, but to avoid the iptables rule, I use sysctl and its configuration folder /etc/sysctl.d/ with a file to which I add the necessary commands so that they are loaded on each restart and my system boots with all the values already modified.
In the case of using this method, just create a file XX-local.conf (XX can be a number from 1 to 99, I have it at 50) and write:
net.ipv4.icmp_echo_ignore_all = 1
With that you already get the same result.
Pretty simple solution, thanks
What other commands do you have in that file?
Any command that has to do with sysctl variables and can be manipulated through sysctl can be used in this way.
To see the different values that you can set with sysctl, type sysctl -a in your terminal.
In openSUSE I have not been able to edit it.
Good.
Another, faster way would be using sysctl:
# sysctl -w net.ipv4.icmp_echo_ignore_all=1
As said, in iptables you can also reject all ping requests with:
iptables -A INPUT -p icmp -j DROP
Now, if we want to reject any request except a specific one, we can do it in the following way:
We declare variables:
IFEXT=192.168.16.1 # my IP
AUTHORIZED_IP=192.168.16.5
iptables -A INPUT -d $IFEXT -s $AUTHORIZED_IP -p icmp -m icmp --icmp-type echo-request -m length --length 28:1322 -m limit --limit 2/sec --limit-burst 4 -j ACCEPT
In this way we authorize only that IP to ping our PC (but with limits).
I hope it is useful to you.
Regards
Wow, the differences between users: while the windowseros talk about how to play Halo or The Evil Within, the Linux users bore the world with things like this.
And that is why windowseros then only know how to play, while linuxeros are the ones who really know advanced administration of OSes, networks, etc.
Thank you for giving us your visit 😀
Cordial greetings
The theme of is very useful and helps to some extent.
Thank you.
When the Windows users find out about this, you will see, they will go crazy.
In iptables, do you have to put the IP in the INPUT and something else in the DROP?