IBM Support

Configuring a server to be unpingable

Technote (troubleshooting)


How can make my server unpingable on the internal and external interfaces?


Some organization's security protocols require ICMP echo replies be disabled.

Resolving the problem

The ping command sends ICMP echo request and receives ICMP echo reply packets. This command is the quickest way to determine if a computer is connected and responding on a network. In some cases you may desire to disable echo reply packets. Run the following command to disable echo reply packets.

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

This setting is not permanent and will need to be run after each reboot.

To re-enable ICMP ping replies run the following command.

echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Security Implications

There is no inherent danger in being ping-able, and there is no inherent security in not being ping-able. There are myriad other ways to tell if a host is listening on a given address. An ICMP ping just happens to be a very convenient way to do it. It is one of the first things everyone checks when they are experiencing connectivity problems. Disabling this just makes the troubleshooting process more difficult. It is highly unlikely that ping has anything to do with possible intrusions.

Cross reference information
Segment Product Component Platform Version Edition
Messaging Applications Lotus End of Support Products Lotus Foundations Branch Office Linux 1.1

Historical Number


Document information

More support for: Lotus End of Support Products
Lotus Foundations Start

Software version: 1.0, 1.1, 1.2

Operating system(s): Linux

Reference #: 1387181

Modified date: 16 August 2010

Translate this page: