Help: No Ping

Hello,

How to avoid others use the command "ping" to scan my computer? My Linux
is RHEL 3. I assume that I should use iptables.

Thank you very much~

Regards,

Amy Lee

On 2008-01-02, Amy Lee <(E-Mail Removed)> wrote:
> How to avoid others use the command "ping" to scan my computer?

Block icmp type 8 (echo-request)
Davide

--
One distinguishing characteristic of BOFHen is attention deficit disorder.
Put me in front of something boring and I can find a near-infinite number
of really creative ways to bugger off.
-- ADB

On Wed, 02 Jan 2008 13:53:18 +0100, Davide Bianchi wrote:

> On 2008-01-02, Amy Lee <(E-Mail Removed)> wrote:
>> How to avoid others use the command "ping" to scan my computer?
>
> Block icmp type 8 (echo-request)
> Davide
Thank you. But can you tell me more details and how to execute this
command?

Amy

Am Wed, 02 Jan 2008 21:14:26 +0800 schrieb Amy Lee:

> On Wed, 02 Jan 2008 13:53:18 +0100, Davide Bianchi wrote:
>
>> On 2008-01-02, Amy Lee <(E-Mail Removed)> wrote:
>>> How to avoid others use the command "ping" to scan my computer?
^^^^^^^^^^^^^^
You don't need icmp to scan a target.
> Thank you. But can you tell me more details and how to execute this
> command?

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
What is wrong with scanning?

cheers

On 2008-01-02, Amy Lee <(E-Mail Removed)> wrote:
> Thank you. But can you tell me more details and how to execute this
> command?

There is an extensive documentation on iptable, a search with
google will return you a lot of example that could best suit your needs,
in short, something like

iptables -A INPUT -p ICMP --icmp-type 8 -j DROP

should be enough for what you need

--
When you need a helpline for breakfast cereals, it's time to start
thinking about tearing down civilisation and giving the ants a go.
--Chris King

On Wed, 02 Jan 2008 13:18:06 +0000, Burkhard Ott wrote:

> Am Wed, 02 Jan 2008 21:14:26 +0800 schrieb Amy Lee:
>
>> On Wed, 02 Jan 2008 13:53:18 +0100, Davide Bianchi wrote:
>>
>>> On 2008-01-02, Amy Lee <(E-Mail Removed)> wrote:
>>>> How to avoid others use the command "ping" to scan my computer?
> ^^^^^^^^^^^^^^
> You don't need icmp to scan a target.
>> Thank you. But can you tell me more details and how to execute this
>> command?
>
> iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
> What is wrong with scanning?
>
> cheers

Thank you. And I wanna know if I enable this strategy whether it will
influence anything else.

Regards,

Amy

Hello,

Amy Lee a écrit :
>
> How to avoid others use the command "ping" to scan my computer? My Linux
> is RHEL 3.

You can't scan a host with ping. You can just learn it's there, but
there are many other methods.

> I assume that I should use iptables.

You don't need iptables for this. You can just instruct the kernel to
ignore ICMP echo requests :

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
or
sysctl -w net.ipv4.icmp_echo_ignore_all=1

This can usually be made persistent across reboots by adding the
following line into the file /etc/sysctl.conf :

net.ipv4.icmp_echo_ignore_all=1