http://tech-recipes.disqus.com/Cookbook of Tech TutorialsenThu, 14 Apr 2005 06:53:41 -0000http://www.tech-recipes.com/rx/202/make-linux-ignore-a-ping/#comment-2767122<p>No answer to an ICMP ping does not automatically mean, that your machine does not exist.</p><p>If your machine would not exist, the last router _before_ your machine would send an ICMP not reachable message.</p><p>Doing strange things with your ICMP config buys you absolutely nothing in respect to an attacker, but may easily make legitimate network use more difficult. E.g. look how MTU discovery works and how it does not because "wise" admins disallow their machines to send ICMP replys.</p><p>Regards,<br>Jim</p>MacBaineThu, 14 Apr 2005 06:53:41 -0000http://www.tech-recipes.com/rx/202/make-linux-ignore-a-ping/#comment-2767121<p>Even better:</p><p>don't ignore ICMP echos:<br><code>sysctl -w net.ipv4.icmp_echo_ignore_all=0</code></p><p>do ignore ICMP echos:<br><code>sysctl -w net.ipv4.icmp_echo_ignore_all=1</code></p><p>sysctl -a will give you a nice list of values that you can tweak.</p><p>If you're running a Redhat-based system, you can plop the desired values in /etc/sysctl.conf.</p>bofh468Mon, 10 Nov 2003 16:48:25 -0000