LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-24-2006, 02:26 PM   #1
dsschanze
Member
 
Registered: Aug 2004
Location: Gainesville, FL
Distribution: Linux Mint 12, Win7, iOS
Posts: 208

Rep: Reputation: 33
Question Block ICMP ping in Redhat 9


Hi,
I am setting up an HTTP server on Redhat 9. How do I set my system to block ICMP pings? I would like to be able to set this option as I have been a hacking victim a few times already and would like to add as much security as possible.

Thanks,
Derek
 
Old 07-24-2006, 03:40 PM   #2
cachemonet
Member
 
Registered: Jan 2006
Distribution: Various versions of Red Hat Fedora Core and Ubuntu
Posts: 40

Rep: Reputation: 15
iptables -A INPUT -p ICMP -j DROP

This is easily defeated with a syn scan with nmap. You still need to continue to read security bulletins. Most basic script kiddies will still find your system if they want to.

Last edited by cachemonet; 07-24-2006 at 03:41 PM.
 
Old 07-24-2006, 03:54 PM   #3
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168Reputation: 168
It's true that disabling ping doesn't stop people finding your box. For all I know you have a good reason, so another way to do it is to edit /etc/sysctl.conf and add the following line, then re-read the settings with sysctl -p /etc/sysctl.conf
Code:
net.ipv4.icmp_echo_ignore_all = 1
 
Old 07-24-2006, 04:40 PM   #4
dsschanze
Member
 
Registered: Aug 2004
Location: Gainesville, FL
Distribution: Linux Mint 12, Win7, iOS
Posts: 208

Original Poster
Rep: Reputation: 33
Thanks very much!

-Derek
 
Old 07-24-2006, 05:21 PM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
if you have your INPUT policy set to DROP (you should), then you wouldn't need to take any of these measures to block PINGs... if your box is exclusively an HTTP/HTTPS server, then really you only need to accept TCP packets to ports 80 and 443 - no ICMP at all...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
block first icmp pakets then let them go sqn Linux - Security 3 03-31-2006 02:18 AM
LXer: Ping: ICMP vs. ARP LXer Syndicated Linux News 0 12-22-2005 01:46 PM
msec and ICMP ping problem rjcrews Linux - Security 4 12-06-2005 07:59 AM
ipcop, block icmp on red interface webstuff Linux - Security 9 04-18-2005 10:43 PM
Is that a good thing to block ICMP protocol on a Web server? Iced Earth Linux - Security 2 06-15-2004 07:49 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration