Disabling Ping
Linux allows you to disable the “echo reply” from a direct ICMP ping “echo” request.
Some Unix hosts allow you to disable responses to broadcast pings, but most do not allow you to stop direct ping requests.
Also, it is wise to disable the forwarding of pings if possible (for hosts with multiple interfaces or the ability to route IP).
Notes:
Disable "echo reply" for broadcast ping (on some hosts, it is wise to disable forwarding of the broadcast ping as well):
Solaris
# ndd -set /dev/ip ip_respond_to_echo_broadcast 0
# ndd -set /dev/ip ip_forward_directed_broadcasts 0
AIX
# no -o directed_broadcast=0
HPUX
# ndd -set /dev/ip ip_respond_to_echo_broadcast 0
# ndd -set /dev/ip ip_forward_directed_broadcasts 0
Linux
# sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
In Linux it is possible, as mentioned, to ignore all ICMP echo requests, creating a stealth, non-pingable host:
# sysctl -w net.ipv4.icmp_echo_ignore_all=1
The best way to deal with ICMP ping is at the router or firewall level. Do not allow anything to be ping'd from the outside. Do not allow any ping to be forwarded.
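A value set with sysctl -w lasts only until the next reboot, so the sysctl.conf-style file that restores the Linux settings at boot is worth auditing. The script below is an added example, not part of the original slide; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the two Linux ICMP echo keys.
# When a key is assigned more than once, the last assignment is the one reported.

# effective_value FILE KEY -> prints the last value assigned to KEY, or "unset"
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                  # not an assignment
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            gsub(/\//, ".", k)                 # net/ipv4/x names the same key as net.ipv4.x
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# audit_icmp FILE -> one report line per key; returns 0 only if both keys are 1
audit_icmp() {
    rc=0
    for key in net.ipv4.icmp_echo_ignore_broadcasts net.ipv4.icmp_echo_ignore_all; do
        v=$(effective_value "$1" "$key")
        if [ "$v" = "1" ]; then
            echo "OK   $key = $v"
        else
            echo "WEAK $key = $v (not set to 1 in this file)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: broadcast pings ignored, direct pings still answered.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample file
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 0
EOF
audit_icmp "$sample" || echo "file does not make the host ignore all echo requests"
```

A value of 0 means the kernel answers echo requests; only 1 turns the replies off.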