Turning off ping

Post by EL Ci » Tue, 29 May 2001 01:27:13



For security reasons, I have seen that some sites do not allow a ping
request to be done.  An example is www.hotmail.com. By implementing
such a security measure, will this have any negative effect on a
DNS/MAIL server? I think the idea is great as script kiddies will
think that no one is home with that IP address. I would like to hear
what you guys think of this.
 
 
 


Post by maus74 » Tue, 29 May 2001 04:05:15



> For security reasons, I have seen that some sites do not allow a ping
> request to be done.  An example is www.hotmail.com. By implementing
> such a security measure, will this have any negative effect on a
> DNS/MAIL server? I think the idea is great as script kiddies will
> think that no one is home with that IP address. I would like to hear
> what you guys think of this.

Actually, it's usually just a firewall or router that does not allow ICMP
echo requests from the WAN side, or ICMP echo replies from the local side
(or both).  There is often not any reason to allow these datagrams through,
and it won't hurt any other services if you close it.

However, don't think that just closing this port will completely hide your
machine.  There are plenty of other ways...

-=w

 
 
 


Post by bot40 » Tue, 05 Jun 2001 10:27:36


I have a semi-production machine with ping turned off and it's a mail server,
Samba server, NFS server and all services run fine. Oh yeah, FTP too. All you
have to do is run
"echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all"
I'm not sure if that's the EXACT command but echo'ing a 1 to a file named
something like that will make your box invisible to ping.
P.S. this has to be run every time you boot your machine



> > For security reasons, I have seen that some sites do not allow a ping
> > request to be done.  An example is www.hotmail.com. By implementing
> > such a security measure, will this have any negative effect on a
> > DNS/MAIL server? I think the idea is great as script kiddies will
> > think that no one is home with that IP address. I would like to hear
> > what you guys think of this.

> Actually, it's usually just a firewall or router that does not allow ICMP
> echo requests from the WAN side, or ICMP echo replies from the local side
> (or both).  There is often not any reason to allow these datagrams through,
> and it won't hurt any other services if you close it.

> However, don't think that just closing this port will completely hide your
> machine.  There are plenty of other ways...

> -=w

 
 
 


Post by J Sloa » Wed, 06 Jun 2001 01:06:48



> I have a semi-production machine with ping turned off and it's a mail server,
> Samba server, NFS server and all services run fine. Oh yeah, FTP too. All you
> have to do is run
> "echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all"
> I'm not sure if that's the EXACT command but echo'ing a 1 to a file named
> something like that will make your box invisible to ping.
> P.S. this has to be run every time you boot your machine

OK, so that means once every 400 days or so....
hmm, better put it in the bootup scripts (or in sysctl.conf)

raven         up 351+20:03,     0 users,  load 0.20, 0.44, 0.66
freeside      up 351+15:41,     0 users,  load 0.00, 0.01, 0.00
armitage      up 351+15:23,     0 users,  load 0.28, 0.28, 0.25
duck          up 247+14:31,     0 users,  load 0.02, 0.01, 0.00

cu

jjs
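
Added example (not part of any post in this thread): a small audit of the two places discussed above, the runtime /proc switch and sysctl.conf, reporting whether the echo-ignore setting would be lost at the next boot. The function names and the path arguments are assumptions made for this sketch, and it reads a single sysctl.conf-style file only.

```shell
#!/bin/sh
# Added example: is "ignore ICMP echo" active now, and will it survive a reboot?
KEY="net.ipv4.icmp_echo_ignore_all"

# Runtime value from procfs; $1 is the proc root (parameter added for testing).
runtime_value() {
    f="${1:-/proc}/sys/net/ipv4/icmp_echo_ignore_all"
    if [ -r "$f" ]; then cat "$f"; fi
}

# Last value assigned to KEY in a sysctl.conf-style file; empty if never set.
persisted_value() {
    [ -r "$1" ] || return 0
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            gsub("/", ".", k)                  # net/ipv4/... form is also accepted
            if (k == key) val = v              # later assignments win
        }
        END { if (val != "") print val }' "$1"
}

# Prints one of: persistent, runtime-only, config-only, off.
#   runtime-only: set by hand via /proc, gone after the next boot
#   config-only:  in the file but not loaded yet (sysctl -p loads it)
audit_echo_ignore() {
    run=$(runtime_value "${1:-/proc}")
    cfg=$(persisted_value "${2:-/etc/sysctl.conf}")
    case "${run:-0}:${cfg:-0}" in
        1:1) echo "persistent" ;;
        1:*) echo "runtime-only" ;;
        *:1) echo "config-only" ;;
        *)   echo "off" ;;
    esac
}

# Audit this machine using the default paths.
audit_echo_ignore
```

A "runtime-only" result is the situation described in the thread: the line `net.ipv4.icmp_echo_ignore_all = 1` still has to go into sysctl.conf or a boot script.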