Game da umarnin ping
Ta hanyar yarjejeniyar ICMP, wato, sanannen umarni ping Zamu iya sani idan wata kwamfutar tana raye a kan hanyar sadarwar, idan muna da hanyoyi, ina tafiya zuwa gare ta ba tare da matsala ba.
Ya zuwa yanzu yana da alama yana da fa'ida kuma yana da kyau, duk da haka kamar kyawawan kayan aiki ko aikace-aikace, ana iya amfani dashi don dalilai masu cutarwa, misali DDoS tare da ping, wanda zai iya fassara zuwa buƙatun 100.000 tare da ping a minti ɗaya ko kuma daƙiƙa, wanda zai iya faɗi ƙare kwamfutar ko hanyar sadarwarmu.
Kasance haka kawai, a wasu lokuta muna son kwamfutarmu ba ta amsa buƙatun ping daga wasu a kan hanyar sadarwar ba, ma'ana, don bayyana ba za a haɗa ta ba, saboda wannan dole ne mu musaki bayanin yarjejeniyar ICMP a cikin tsarinmu.
Yadda ake tantancewa idan muka kunna zaɓi na amsawar ping
Akwai fayel a cikin tsarinmu wanda zai bamu damar fassara ta hanya mai sauƙi, idan mun kunna amsawar ping ko a'a, shine: / proc / sys / net / ipv4 / icmp_echo_ignore_all
Idan wannan fayel din yana dauke da 0 (sifili), to duk wanda ya buge mu zai samu amsa a duk lokacin da kwamfutar mu ke kan layi, amma, idan muka sanya 1 (daya) to babu matsala idan PC din mu ya haɗu ko bai haɗu ba, zai bayyana ba zama.
A takaice, tare da umarni mai zuwa za mu gyara wannan fayil ɗin:
sudo nano /proc/sys/net/ipv4/icmp_echo_ignore_all
Mun canza 0 na 1 kuma mun danna [Ctrl] + [O] don adanawa, sannan [Ctrl] + [X] don fita.
Shirya, kwamfutar mu BATA amsa ga ping na wasu.
Madadin don kare kanmu daga harin ping
Wani madadin shine a bayyane yake ta amfani da bango, ta amfani iptables ana iya yin shi ba tare da matsala mai yawa ba:
sudo iptables -A INPUT -p icmp -j DROP
Bayan haka, ka tuna, ana tsabtace dokokin ɓoye lokacin da aka sake farawa kwamfutar, dole ne ta wata hanya mu adana canje-canje, ko dai ta hanyar ɓoye-ajiya da kuma dawo da kayan aiki, ko ta hanyar yin rubutun da kanmu.
Kuma wannan ya kasance 🙂
kyakkyawan taimako. Faɗa mini, zai yi amfani don kaucewa buƙatun cire haɗin ??? kamar lokacin da suke son fasa hanyar sadarwa ta amfani da aircrack-ng. Na ce saboda idan da alama mun cire haɗin ba za su iya aiko mana da irin waɗannan buƙatun ba. Godiya ga shigarwar
Ba ya aiki haka, wannan kawai yana toshe amsar amsar icmp, don haka idan wani yana son gwada alaƙar tare da buƙatar ƙira ta komputa kwamfutarka za ta yi watsi da ƙira kuma saboda haka mutumin da yake ƙoƙari ya gwada haɗin zai sami Nau'in amsawa "mai masaukin baki kamar yana kasa ko kuma yana toshe binciken ping", amma idan wani yana sa ido akan hanyar sadarwar da airodump ko wani kayan aiki makamancin haka, zasu iya ganin cewa an hada ku saboda wadannan kayan aikin suna nazarin jakunkunan da aka aika zuwa ga AP ko aka karɓa daga AP
Ya kamata a sani cewa na ɗan lokaci ne kawai, bayan sake kunna pc ɗinka zai sake karɓar pings, don mai da shi na dindindin, dangane da dabarar farko ta saita fayil /etc/sysctl.conf kuma a ƙarshen ƙara net.ipv4.icmp_echo_ignore_all = 1 kuma tare da girmamawa Shawara ta biyu tayi kama da haka "
Barka dai. Shin wani abu zai iya kuskure? ko menene zai iya zama? saboda a ubuntu babu irin wannan fayil din ......
Ya kasance mara aibi kamar koyaushe.
Ananan kallo, lokacin rufe Nano baya sauri Ctrl + X sannan a fita tare da Y ko S
Girmamawa
Kyakkyawan bayani, @KZKG, Ina amfani da wannan shawarar a tsakanin wasu don inganta tsaro na PC ɗina da kuma sabobin da nake aiki tare, amma don kauce wa dokar ɓoyewa, Ina amfani da sysctl da babban fayil ɗin sa / sauransu / sysctl. d / tare da fayil ɗin da zan haɗa umarnin da suka wajaba don haka tare da kowane sake farawa ana ɗora su kuma tsarin takalmi na tare da duk ƙimomin da aka riga aka gyara.
Game da amfani da wannan hanyar, kawai ƙirƙirar fayil XX-local.conf (XX na iya zama lamba daga 1 zuwa 99, Ina da shi a cikin 50) kuma rubuta:
net.ipv4.icmp_echo_ignore_all = 1
Tuni da wannan suna da sakamako iri ɗaya.
Kyakkyawan bayani mai sauƙi, godiya
Waɗanne ƙarin umarni kuke da su a cikin wannan fayil ɗin?
Duk wani umarnin da ya danganci masu canzawa sysctl kuma za'a iya sarrafa shi ta hanyar sysctl ana iya amfani dashi ta wannan hanyar.
Don ganin ƙimomi daban-daban waɗanda zaku iya shiga zuwa nau'in sysctl a cikin sysctl ɗin ku na ƙarshe -a
A cikin OpenSUSE ban sami damar gyara shi ba.
Kyakkyawan
Wata hanya mafi sauri zata kasance ta amfani da sysctl
#sysctl -w net.ipv4.icmp_echo_ignore_all = 1
Kamar yadda aka fada, a cikin IPTABLES kuma kuna iya ƙin yarda da buƙatar ping don komai ta:
iptables -A shigar da kayan -p icmp -j DROP
Yanzu, idan muna so mu ƙi kowane buƙata sai dai takamaiman, zamu iya yin ta ta hanya mai zuwa:
Muna bayyana masu canji:
IFEXT = 192.168.16.1 # nawa IP
AKA BAYYANA IP = 192.168.16.5
iptables -A shigar da -i $ IFEXT -s $ TAMBAYA IP -p icmp -m icmp –icmp-type echo-request -m tsayin-tsawon 28: 1322 -m iyaka –limit 2 / sec –limit-fashe 4 -j ACCEPT
Ta wannan hanyar ne muke ba da izinin wannan IP ɗin don yin ping ɗin PC ɗin mu (amma tare da iyaka).
Ina fatan yana da amfani a gare ku.
Salu2
Kai, bambance-bambance tsakanin masu amfani, yayin da windows windows suna magana game da yadda ake wasa halo ko mugunta a cikin Linux suna gundurar duniya da abubuwa kamar haka.
Kuma wannan shine dalilin da ya sa Windowseros kawai ya san yadda za a yi wasa, yayin da Linuxeros sune waɗanda suka san ingantaccen tsarin OS, cibiyoyin sadarwa, da sauransu.
Na gode da ka bamu ziyarar ka 😀
Gaisuwa Coordiales
Jigon yana da matukar amfani kuma yana taimakawa har zuwa wani lokaci.
Gode.
lokacin da windows suka gano game da wannan zaku ga sun haukace
a cikin kayan aiki da dole ne ku sanya ip a cikin IMPUT kuma a cikin DROP wani abu dabam?