: Because I want to monitor traffic, not block it entirely. I just want : this machine to basically lurk on my network looking for suspicious : activity and then notifying me if it occurs. Not reponding to pings : would at least keep most "hackers" out becaues they would never even : know it's there. actually, i've been doing some work on this.. if you run a devel kernel (the 2.1.* series..not likely that you do, but i do and it's kinda neat, actually) then it is possible to block pings entirely to your machine.. a simple "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all" will do the trick... to turn it back on, simply "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all"