LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   how can i stop ping reply? (https://www.linuxquestions.org/questions/linux-security-4/how-can-i-stop-ping-reply-411350/)

Guru Mind 02-03-2006 03:47 PM

how can i stop ping reply?
 
hi everybody, i have a newbie question

how can i stop ping reply, videlicet how can i stop the reply if anybody pings my IP, or they just get my IP but don't get a reply?

and sorry for bad english.

pljvaldez 02-03-2006 03:51 PM

I believe you just need to install a firewall and configure it to drop all packets.

ppuru 02-03-2006 04:23 PM

As root

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

This will block all icmp requests.

To make this a permanent setting, add the line below to /etc/sysctl.conf

net.ipv4.icmp_echo_ignore_all = 0

As pljvaldez suggested, you can also set a firewall rule to disable icmp reply.

Guru Mind 02-03-2006 06:05 PM

pljvaldez thank you, but i want to stop ping without a firewall

ppuru thanks, it worked, but i tried to edit sysctl.conf and put in what you said but it didn't work

anyway, thanks.

ppuru 02-03-2006 06:14 PM

gurumind, my apologies, set

net.ipv4_icmp_echo_ignore_all = 1

to stop pings. Setting it to 0 allows pings.

Guru Mind 02-03-2006 06:33 PM

ok ppuru, but must i restart a service or something like that?

and really, thanks ppuru.

ppuru 02-03-2006 06:37 PM

no need, the next time you reboot your system, the icmp_echo_ignore_all will be set.

gilead 02-03-2006 09:41 PM

You don't need to reboot to make the settings take effect. If you've added the line to /etc/sysctl.conf, as root type sysctl -p

Guru Mind 02-04-2006 06:35 AM

after i type sysctl -p

error: "net.ipv4_icmp_echo_ignore_all" is an unknown key

any suggestions?

win32sux 02-04-2006 06:41 AM

Quote:

Originally Posted by Guru Mind
after i type sysctl -p

error: "net.ipv4_icmp_echo_ignore_all" is an unknown key

any suggestions?

try changing the first underscore to a period... like this:
Code:

net.ipv4.icmp_echo_ignore_all

iNeo 02-04-2006 08:59 AM

This is slightly off topic.
I know there is a way in which you can configure some message to be displayed when someone tries to ping our machine. Does anyone know how that is done?

win32sux 02-04-2006 09:07 AM

Quote:

Originally Posted by iNeo
This is slightly off topic.
I know there is a way in which you can configure some message to be displayed when someone tries to ping our machine. Does anyone know how that is done?

well, if you filter the pings with regular iptables instead of sysctl.conf it's just a matter of adding a LOG target rule... so anytime someone pings you it will show-up in /var/log/syslog:
Code:

iptables -I INPUT -p ICMP --icmp-type 8 \
-m state --state NEW -j LOG

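The LOG rule above writes one kernel message per echo request, and nx5000 later points out that some Windows hosts ping automatically, so a single log line is not an event worth reacting to. As an added example (not code from win32sux or the thread), here is the same rule tagged with a log prefix and rate limit, plus a small awk triage that counts echo requests per source from the resulting syslog lines. The prefix "ICMP-ECHO: ", the limit values and the sample log lines are my own constructions; the addresses come from the RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example, not from the original thread. Tags the LOG rule with a prefix
# so the messages can be grepped, then summarises who is pinging us.

# Install the logging rule (needs root; defined here, not executed).
# --log-prefix and -m limit are standard iptables options; the limit keeps a
# ping flood from filling the log. Prefix and limit values are assumptions.
add_icmp_echo_log_rule() {
    iptables -I INPUT -p icmp --icmp-type echo-request \
        -m state --state NEW \
        -m limit --limit 10/minute --limit-burst 20 \
        -j LOG --log-prefix "ICMP-ECHO: " --log-level info
}

# count_echo_sources LOGFILE -> one "SRC count" line per source address, most
# active first. Only lines carrying our prefix and TYPE=8 (echo request) are
# counted, so echo replies to our own pings (TYPE=0) never show up.
count_echo_sources() {
    grep 'ICMP-ECHO: ' "$1" | awk '
        /PROTO=ICMP/ && /TYPE=8 / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { split($i, kv, "="); n[kv[2]]++ }
        }
        END { for (s in n) print s, n[s] }' | sort -k2,2nr -k1,1
}

# top_echo_source LOGFILE -> just the busiest source address.
top_echo_source() {
    count_echo_sources "$1" | head -n 1 | cut -d' ' -f1
}

# Constructed sample in netfilter LOG format (not captured from a real host).
# Line 4 is an echo reply logged by some other rule (no prefix, TYPE=0) and
# line 5 is unrelated noise; both must be ignored by the triage.
write_sample_log() {
    cat > "$1" <<'EOF'
Feb  7 04:40:01 host kernel: ICMP-ECHO: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Feb  7 04:40:02 host kernel: ICMP-ECHO: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4322 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=2
Feb  7 04:40:05 host kernel: ICMP-ECHO: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:cc:08:00 SRC=192.0.2.77 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=128 ID=9 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
Feb  7 04:40:06 host kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:dd:08:00 SRC=203.0.113.9 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=77 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=1
Feb  7 04:40:07 host sshd[123]: Accepted publickey for alice from 192.0.2.10 port 5555 ssh2
EOF
}

# Usage on a real box (as root):
#   add_icmp_echo_log_rule; later: count_echo_sources /var/log/syslog
```

With the constructed sample, count_echo_sources lists 192.0.2.10 twice and 192.0.2.77 once; the prefix filter and the TYPE=8 test together keep replies and other kernel messages out of the count.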

dutler 02-04-2006 01:34 PM

are you using a gui? check out the iptables interface guarddog

ppuru 02-04-2006 05:21 PM

Quote:

Originally Posted by win32sux
try changing the first underscore to a period... like this:
Code:

net.ipv4.icmp_echo_ignore_all

Thanks win32sux, sorry for the typo Gurumind.

net.ipv4.icmp_echo_ignore_all is the correct key.

sysctl -a gives a list of all settable parameters. Play around at your own risk.

Guru Mind 02-04-2006 06:17 PM

Thanks win32sux and ppuru for help

it's working now
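
The sysctl procedure in this thread (write 1 to /proc/sys/net/ipv4/icmp_echo_ignore_all, persist it in /etc/sysctl.conf, apply with sysctl -p) went wrong once on the value and once on the key name, and sysctl only reported the second as "unknown key". As an added example (my code, not anything posted in the thread), this script shows the mapping sysctl uses, dots in the key become directories under /proc/sys, and checks a sysctl.conf-style file against that tree before applying it, so a typo like net.ipv4_icmp_echo_ignore_all is caught up front. SYSCTL_ROOT is a hypothetical override so the check can run against a fake tree without root; on a real system leave it at /proc/sys.

```shell
#!/bin/sh
# Added example, not from the original thread. Validates sysctl.conf keys by
# resolving them to their /proc/sys files, and reports whether echo requests
# are currently being ignored.

# Hypothetical override for testing against a fake tree; default is the real one.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# sysctl_key_to_path KEY -> prints the file that backs KEY.
# "net.ipv4.icmp_echo_ignore_all" becomes
# $SYSCTL_ROOT/net/ipv4/icmp_echo_ignore_all: every dot is a path separator,
# which is why "net.ipv4_icmp_echo_ignore_all" is an unknown key.
sysctl_key_to_path() {
    printf '%s/%s\n' "$SYSCTL_ROOT" "$(printf '%s' "$1" | tr '.' '/')"
}

# check_sysctl_conf FILE -> exit 0 if every "key = value" line in FILE resolves
# to an existing sysctl file, 1 otherwise. Blank lines and #/; comments skip.
check_sysctl_conf() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*|';'*) continue ;;
        esac
        key=$(printf '%s' "$line" | sed 's/[[:space:]]*=.*//; s/^[[:space:]]*//')
        value=$(printf '%s' "$line" | sed 's/^[^=]*=[[:space:]]*//')
        path=$(sysctl_key_to_path "$key")
        if [ -f "$path" ]; then
            printf 'ok      %s = %s\n' "$key" "$value"
        else
            printf 'UNKNOWN %s (no such file: %s)\n' "$key" "$path" >&2
            rc=1
        fi
    done < "$1"
    return $rc
}

# icmp_echo_ignored -> exit 0 if the kernel (or fake tree) currently holds 1
# in icmp_echo_ignore_all, i.e. pings get no reply.
icmp_echo_ignored() {
    [ "$(cat "$(sysctl_key_to_path net.ipv4.icmp_echo_ignore_all)")" = "1" ]
}

# Usage on a real system, as root:
#   check_sysctl_conf /etc/sysctl.conf && sysctl -p \
#       && icmp_echo_ignored && echo "echo requests are ignored"
```

Running check_sysctl_conf before sysctl -p turns the vague "unknown key" into the exact path that does not exist, and icmp_echo_ignored gives a yes/no answer that does not depend on pinging the box from somewhere else.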

iNeo 02-05-2006 05:20 AM

Quote:

Originally Posted by win32sux
well, if you filter the pings with regular iptables instead of sysctl.conf it's just a matter of adding a LOG target rule... so anytime someone pings you it will show-up in /var/log/syslog:
Code:

iptables -I INPUT -p ICMP --icmp-type 8 \
-m state --state NEW -j LOG


What I meant was, the person who pings would see a message (that we had configured) when he tried to ping our system.

win32sux 02-05-2006 06:12 AM

Quote:

Originally Posted by iNeo
What I meant was, the person who pings would see a message (that we had configured) when he tried to ping our system.

oh, okay... well, i don't know how to do that... i'm sure someone else does, though...

i'm thinking maybe what we do is mangle the outgoing icmp echo reply or something like that??

could you provide an IP/domain we could ping to see these customized replies?? i don't think i've ever seen one, but i'm not sure... basically you're saying we could put any text in the reply, right??

ppuru 02-06-2006 05:55 PM

ineo
you may try using REJECT (--reject-with) instead of DROP. Check the man pages.

win32sux 02-06-2006 06:03 PM

Quote:

Originally Posted by ppuru
ineo
you may try using REJECT (--reject-with) instead of DROP. Check the man pages.

Code:

REJECT
      This is used to send back an error packet in response to the matched
      packet: otherwise it is equivalent to DROP so it is a terminating TARGET,
      ending rule traversal.  This target is only valid in the INPUT,
      FORWARD and OUTPUT chains, and user-defined chains which are only
      called from those chains.  The following option controls the nature of
      the error packet returned:

      --reject-with type
              The type given can be
              icmp-net-unreachable
              icmp-host-unreachable
              icmp-port-unreachable
              icmp-proto-unreachable
              icmp-net-prohibited
              icmp-host-prohibited or
              icmp-admin-prohibited (*)
              which return the appropriate ICMP error message (port-unreachable
              is the default).  The option tcp-reset can be used on rules
              which only match the TCP protocol: this causes a TCP RST packet
              to be sent back.  This is mainly useful for blocking ident
              (113/tcp) probes which frequently occur when sending mail to
              broken mail hosts (which won't accept your mail otherwise).

      (*) Using icmp-admin-prohibited with kernels that do not support it
      will result in a plain DROP instead of REJECT

so basically we have to choose one of those messages right?? like, we don't get to make our own??

nx5000 02-07-2006 04:40 AM

Why do you want to do this?
Either you respond with a correct reply or you want to stay invisible (which is stupid if you have one tcp port open or your firewall sends a reject when being probed on one port).

Basically when a cracker sees a prohibited message, he will be very interested in hacking your box. Prohibited things always bring curiosity.

Some windows machines (windows 2000 in a LAN, I don't know in a WAN environment) send ping requests automatically, without the user doing anything, so you will end up with "false positive" events. Ping is nothing, it's a connectivity test, not a scan. It's not proof of an attack; it can precede an attack/scan maybe.

Also rfc 1812 states that only admin_prohibited should be used and only on routers. So you show your box as being a router, hum, even more interesting!

Quote:

Defined Code 9 for communication with
destination network administratively prohibited and Code 10 for
communication with destination host administratively prohibited.
These codes were intended for use by end-to-end encryption devices
used by U.S military agencies. Routers SHOULD use the newly defined
Code 13 (Communication Administratively Prohibited) if they
administratively filter packets.

You can be interested in trying this for a little while, but for general use, either don't respond (AT ALL, not only ping, stay invisible) or let your kernel respond normally.

win32sux 02-07-2006 11:45 AM

dude i'm not interested in doing this. i'm just interested in knowing if it can be done or not. iNeo's original question sounded like he wanted to be able to make a *customized* message be sent back. after reading your post about the cracker we still don't know the answer. so for now i'll assume there's no easy way to do it, or that in fact it can't be done. perhaps we just get to choose from those types of replies, and the message the person doing the ping gets on his side depends on HIS setup??

nx5000 02-07-2006 12:56 PM

My first question was to the OP but I forgot to mention it. Sorry.. The title mentions blocking, then the OP asks for changing the data in return and then somebody pointed to reject. I tried to answer 2 of them, the other *I* find stupid. If it's for fun on a home machine then maybe, as you said, mangling icmp_echo_replies should do the trick.
Microsoft had (have) this hard coded too, they always returned ABCDE.. or something like this, which violates the rfc (Data received in the ICMP_ECHO request MUST be included in the reply)

Darin 02-07-2006 05:24 PM

It's my understanding that an ICMP (Ping) packet has specific codes that mean one of the pre-defined errors (listed in win32sux' post of the iptables options). This means that the only messages you can return are the pre-defined ones and that anything you put into the "data" section of an ICMP packet is filler and will be ignored. As far as stopping pings for security, if you are going to do it then either drop them or report host unreachable; anything else will just pique the interest of any potential hackers even more.