How to keep a computer from answering to ping?

Extracted from comp.security.unix
Tip provided by Scott Prader
: Because I want to monitor traffic, not block it entirely.  I just want
: this machine to basically lurk on my network looking for suspicious
: activity and then notifying me if it occurs.  Not reponding to pings
: would at least keep most "hackers" out becaues they would never even
: know it's there.

actually, i've been doing some work on this.. if you run a devel kernel (the
2.1.* series..not likely that you do, but i do and it's kinda neat,
actually) then it is possible to block pings entirely to your machine..

a simple "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all" will do the
trick... to turn it back on, simply
"echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all"

Follow-up :
| Previous | Next | Index of category | Main Index | Submit |


Appears in section(s) : kernel net security
Tip recorded : 30-11-1998 20:50:43
HTML page last changed : 27-07-1999 20:06:07