-
Website
http://www.tech-recipes.com/ -
Original page
http://www.tech-recipes.com/rx/202/make-linux-ignore-a-ping/ -
Subscribe
All Comments -
Community
-
-
Top Commenters
-
Popular Threads
- Symfony: Drop Down List Box Without Submit Button
- PowerPoint 2010: How To Convert a Presentation to Video (WMV format)
- Windows Live Mail: Automatically Spell Check All Email Before Sending
- Firefox: How to Make Google Reader the Default RSS Reader for Subscribing to Feeds
- Facebook: How To Get Only Status Updates on Your FB Home Page
don't ignore ICMP echos:
sysctl -w net.ipv4.icmp_echo_ignore_all=0do ignore ICMP echos:
sysctl -w net.ipv4.icmp_echo_ignore_all=1sysctl -a will give you a nice list of values that you can tweak.
If you're running a Redhat-based system, you can plop the desired values in /etc/sysctl.conf.
If your machine would not exist, the last router _before_ your machine would send an ICMP not reachable message.
Doing strange things with your ICMP config buys you absolutely nothing in respect to an attacker, but may easily make legitimate network use more difficult. E.g. look how MTU discovery works and how it does not because "wise" admins disallow their machines to send ICMP replys.
Regards,
Jim