Configuring a server to be unpingable

Technote (troubleshooting)


Problem

How can I make my server unpingable on the internal and external interfaces?

Cause

Some organizations' security protocols require that ICMP echo replies be disabled.

Resolving the problem

The ping command sends ICMP echo request packets and listens for ICMP echo reply packets. It is the quickest way to determine whether a computer is connected and responding on a network. In some cases you may want to disable echo reply packets. To do so, run the following command.

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

This setting is not permanent; the command must be run again after each reboot.

To re-enable ICMP ping replies, run the following command.

echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
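
Because the setting has to be reapplied after each reboot, the two commands above can be wrapped in a small script that validates the value and reads it back after writing. The following is an added example, not part of the original technote; the function names and the optional path argument (used to rehearse against a stand-in file without root) are assumptions.

```shell
#!/bin/sh
# Added example: guarded wrapper around the technote's echo commands.
# Function names are hypothetical. Each function takes an optional path so it
# can be tried against a stand-in file instead of the real control file.
ICMP_CTL=/proc/sys/net/ipv4/icmp_echo_ignore_all

# Print the current value: 0 = echo replies sent, 1 = echo requests ignored.
get_echo_ignore() {
    ctl=${1:-$ICMP_CTL}
    [ -r "$ctl" ] || { echo "cannot read $ctl" >&2; return 2; }
    val=$(cat "$ctl") || return 2
    case $val in
        0|1) echo "$val" ;;
        *)   echo "unexpected value '$val' in $ctl" >&2; return 3 ;;
    esac
}

# Write 0 or 1, then read the value back so a failed write is not missed.
set_echo_ignore() {
    want=$1
    ctl=${2:-$ICMP_CTL}
    case $want in
        0|1) ;;
        *)   echo "value must be 0 or 1" >&2; return 64 ;;
    esac
    [ -w "$ctl" ] || { echo "cannot write $ctl (root required)" >&2; return 2; }
    echo "$want" > "$ctl" || return 2
    [ "$(get_echo_ignore "$ctl")" = "$want" ] || {
        echo "write to $ctl did not take effect" >&2; return 1; }
}

# One-line status suitable for a boot script or an audit log.
echo_reply_status() {
    case $(get_echo_ignore "$1") in
        1) echo "echo replies disabled" ;;
        0) echo "echo replies enabled" ;;
        *) echo "state unknown"; return 1 ;;
    esac
}

# Typical use from a boot-time script, run as root:
#   set_echo_ignore 1 && echo_reply_status
```
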

Security Implications

There is no inherent danger in being ping-able, and there is no inherent security in not being ping-able. There are myriad other ways to tell if a host is listening on a given address. An ICMP ping just happens to be a very convenient way to do it. It is one of the first things everyone checks when they are experiencing connectivity problems. Disabling this just makes the troubleshooting process more difficult. It is highly unlikely that ping has anything to do with possible intrusions.



Cross reference information

    Segment: Organizational Productivity- Portals & Collaboration
    Product: Lotus Foundations Branch Office
    Component: General
    Platform: Linux
    Version: 1.1
    Edition:

Historical Number: 1756

Document information

More support for: Lotus Foundations Start, Network & Internet

Software version: 1.0, 1.1, 1.2

Operating system(s): Linux

Reference #: 1387181

Modified date: 2010-08-16
