block ping requests
Evert
7th June 2004, 04:18 AM
I have FC2, with firestarter and a draytek vigor 2600 router as firewalls.
According to grc.com, my ports are stealth. The only thing is that my computer can be pinged.
How do I disable this behaviour?
I have kernel 2.6.6-1.376
thank you
Tashiro
7th June 2004, 04:38 AM
Hey evert,
Pinged from where?? Internal on a lan, or from the site www.grc.com??
Tashiro
crackers
7th June 2004, 04:59 AM
Not exactly sure where the option is in Firestarter, but what you want to do is disable responding to ICMP requests. While "ping" does use a TCP/IP port, the protocol is NOT TCP/UDP, but rather ICMP - which is a network "control" protocol.
Evert
7th June 2004, 05:19 AM
grc.com does send a ping to my computer and it seems that my computer answers.
xerophyte
7th June 2004, 06:24 AM
Hello,
if you wanna block ping echo reply or request you can use this rule with iptables
iptables -A INPUT -p icmp --icmp-type 8 -s SourceIPAddress -j DROP
or
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
which will drop all echo reply
hope that helps
crackers
7th June 2004, 08:26 AM
Originally posted by Evert
grc.com does send a ping to my computer and it seems that my computer answers.
You might want to be real careful about how much ICMP activity you turn off. Some providers require at least a response to an ARP request in order to remain on their network...
scaa
21st March 2008, 05:26 AM
Hello,
if you wanna block ping echo reply or request you can use this rule with iptables
iptables -A INPUT -p icmp --icmp-type 8 -s SourceIPAddress -j DROP
or
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
which will drop all echo reply
hope that helps
The iptables etc rule helped me and the shields up test is successful. The ping requests are blocked.
johnnymack
23rd March 2008, 08:12 AM
IIRC, ARP is an OSI level 2 protocol and ping is ICMP which is OSI level 3. They aren't related.
So, disabling ping will not have any effect on ARP traffic.
But, disabling all or other selected ICMP traffic may affect one's Internet experience.
For example, ICMP source-quench should not be disabled.
Its value is in informing you to slow your traffic to a downstream host/router because you are about to cause packet loss if you don't throttle your sending.
Another ICMP type to leave unblocked is TTL exceeded, which says that something you sent didn't make it to its destination due to the time-to-live being decremented to zero and its packet dropped. In which case, your proper action would be to retransmit, with a larger TTL.
Some ICMP messages are diagnostic information which allows recovery from certain error situations.
jm
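The selective filtering discussed in this thread (drop inbound ping, keep the ICMP messages that report errors), as an added example that is not part of any poster's reply. The function names, the `APPLY` switch and the inclusion of destination-unreachable (needed for path MTU discovery) are assumptions of this example; it assumes IPv4 and an iptables build with the conntrack match.

```shell
#!/bin/sh
# Added example, not from the thread: block ping without blocking all ICMP.
# By default it only prints the rules; run as root with APPLY=1 to install them.

# ICMP types to keep accepting. time-exceeded and source-quench are the ones
# named in the thread; destination-unreachable is an assumption added here
# because it carries the "fragmentation needed" message used by path MTU discovery.
KEEP_TYPES="destination-unreachable time-exceeded source-quench"

# Print one iptables command per line for the given chain (default INPUT).
icmp_rules() {
    chain="${1:-INPUT}"
    # Answers to pings this host sent itself (tracked as ESTABLISHED).
    echo "iptables -A $chain -p icmp --icmp-type echo-reply -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    for t in $KEEP_TYPES; do
        echo "iptables -A $chain -p icmp --icmp-type $t -j ACCEPT"
    done
    # Last: silently drop echo requests (ICMP type 8) from any source.
    echo "iptables -A $chain -p icmp --icmp-type echo-request -j DROP"
}

# Execute the generated commands in order, stopping at the first failure.
apply_icmp_rules() {
    while read -r cmd; do
        $cmd || return 1
    done <<EOF
$(icmp_rules "$1")
EOF
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_icmp_rules INPUT
else
    icmp_rules INPUT
fi
```

Because the rules are appended with `-A`, they take effect only if no earlier rule in the chain already accepts or drops the same packets; `iptables -L INPUT -n --line-numbers` shows the resulting order.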