Disable echo reply (ping)


Post by Juergen Schmit » Tue, 24 Apr 2001 23:07:22



Hi!

Is there any way in Solaris (7 & 8) to disable replying to ping/echo
requests? This is required during installation of a system via network
because the load balancer pings its clients to see if they are alive -
but a system isn't really alive during installation.

Jürgen Schmitz

Jürgen Schmitz, Dipl-Inform. (FH)
Hostmaster

ZET.NET AG                              phone +49 89 / 450 652-37
Rosenheimer Str. 139 / 9th Floor        fax   +49 89 / 450 652-90

Germany                                 homepage http://www.zet.net/

 
 
 


Post by B » Wed, 25 Apr 2001 07:03:35


Then the load balancer has the wrong way of checking if a client is alive.
It is alive in the sense that IP is configured on the machine, but
supposedly, IP isn't the machine's primary service. It's better to check for
the actual service that you expect to be alive but it is almost always
easier to just ping (but the results aren't always reliable as you see)

Don't remember if unicast echo reply can be disabled, check with ndd -get
/dev/ip \?

/B


> Hi!

> Is there any way in Solaris (7 & 8) to disable replying to ping/echo
> requests? This is required during installation of a system via network
> because the load balancer pings its clients to see if they are alive -
> but a system isn't really alive during installation.

> Jürgen Schmitz

> Jürgen Schmitz, Dipl-Inform. (FH)
> Hostmaster

> ZET.NET AG                              phone +49 89 / 450 652-37
> Rosenheimer Str. 139 / 9th Floor        fax   +49 89 / 450 652-90

> Germany                                 homepage http://www.zet.net/


 
 
 


Post by chad schroc » Wed, 25 Apr 2001 10:52:40



> Don't remember if unicast echo reply can be disabled, check
> with ndd -get /dev/ip \?

It can be.

Check out:
   http://www.sun.com/blueprints/1299/network.pdf

--
chad at radix dot net

 
 
 


Post by Juergen Schmit » Wed, 25 Apr 2001 16:47:40




> Then the load balancer has the wrong way of checking if a client is
> alive. It is alive in the sense that IP is configured on the machine,
> but supposedly, IP isn't the machine's primary service. It's better to
> check for the actual service that you expect to be alive but it is
> almost always easier to just ping (but the results aren't always reliable
> as you see)

It does both - but we have 2000 different ports on these machines (POP3
isn't a good protocol for multiple virtual domains) and it is not
possible to check them all - or the machine is only answering check
queries....

> Don't remember if unicast echo reply can be disabled, check with ndd
> -get /dev/ip \?

That's what I did - but only broadcast can be disabled - however I tried
this and it still pinged back....

Jürgen Schmitz

Jürgen Schmitz, Dipl-Inform. (FH)
Hostmaster

ZET.NET AG                              phone +49 89 / 450 652-37
Rosenheimer Str. 139 / 9th Floor        fax   +49 89 / 450 652-90

Germany                                 homepage http://www.zet.net/

 
 
 


Post by B » Thu, 26 Apr 2001 07:08:07


Is the server running POP3 as its main service? Why not just check that the
known POP3 port is alive? If it is (and I suppose it should be when the
server is functioning properly) you are sure that IP is functioning too
(i.e. you can skip the ping check).

Just a thought, I might have gotten this all wrong...

When you disable replies to icmp echo broadcasts you only disable the
machine to answer pings to the broadcast address. These kinds of pings are
used for e.g. fingerprinting hosts and I cannot think of any time they are
needed. W$ machines don't answer pings to the broadcast address anyway and
Bill has never been proven wrong, has he!? ;)

/B




> > Then the load balancer has the wrong way of checking if a client is
> > alive. It is alive in the sense that IP is configured on the machine,
> > but supposedly, IP isn't the machine's primary service. It's better to
> > check for the actual service that you expect to be alive but it is
> > almost always easier to just ping (but the results aren't always reliable
> > as you see)

> It does both - but we have 2000 different ports on these machines (POP3
> isn't a good protocol for multiple virtual domains) and it is not
> possible to check them all - or the machine is only answering check
> queries....

> > Don't remember if unicast echo reply can be disabled, check with ndd
> > -get /dev/ip \?

> That's what I did - but only broadcast can be disabled - however I tried
> this and it still pinged back....

> Jürgen Schmitz

> Jürgen Schmitz, Dipl-Inform. (FH)
> Hostmaster

> ZET.NET AG                              phone +49 89 / 450 652-37
> Rosenheimer Str. 139 / 9th Floor        fax   +49 89 / 450 652-90

> Germany                                 homepage http://www.zet.net/
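
An added example, not part of any post in this thread: a service-level health check of the kind suggested above, which counts a backend as alive only when its POP3 port accepts a connection and sends the `+OK` greeting, so a host that merely has IP configured (as during a network install) is reported down. The function names, the loopback address, the banners and the stand-in backend are assumptions constructed for the demonstration.

```python
import socket
import threading


def pop3_alive(host, port=110, timeout=3.0):
    """True only if host:port accepts TCP and sends a POP3 '+OK' greeting."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s, \
                s.makefile("rb") as f:
            greeting = f.readline(512)
            if not greeting.startswith(b"+OK"):
                return False          # port open, but service not ready
            s.sendall(b"QUIT\r\n")    # end the session politely
            return True
    except OSError:                   # refused, unreachable, or timed out
        return False


def _fake_backend(banner):
    """Constructed stand-in for a backend: sends banner to one client."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        try:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)
                conn.recv(64)         # wait for QUIT or client close
        except OSError:
            pass
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo():
    """Return (serving, not_ready, port_closed) results for three backends."""
    serving = pop3_alive("127.0.0.1", _fake_backend(b"+OK POP3 ready\r\n"), 2)
    not_ready = pop3_alive("127.0.0.1", _fake_backend(b"-ERR installing\r\n"), 2)
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                     # nothing listens here any more
    port_closed = pop3_alive("127.0.0.1", closed_port, 2)
    return serving, not_ready, port_closed


if __name__ == "__main__":
    print(demo())
```
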

 
 
 
