1

how to disable ping replies

asked 2018-08-16 00:04:41 -0600

Jim Copenhaver

I have used grc.com for years to make sure all of my ports are invisible to the internet. I ran a scan a few minutes ago and found every port it checks replied on a ping. Everything else passed, but I would like to be able to disable ping replies. Does anyone know how to disable ping replies? Everything else works like a champ. I am running Fedora 28 and have applied all patches.


6 Answers

1

answered 2018-08-16 04:17:00 -0600

ed209

updated 2018-08-17 10:28:12 -0600

florian

As root

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

to disable ping. To reenable,

echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all


Comments

That is

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

The trick is to indent the text by four spaces.

villykruse ( 2018-08-16 05:59:25 -0600 )

Running as root, I get a permission denied error message? I even copied the command into my xterm window. It did not get an error message, but when I ran another port scan, all of the ports were still sending back an echo.

Jim Copenhaver ( 2018-08-16 08:45:46 -0600 )
1

answered 2018-08-17 16:25:44 -0600

ed209

@jim: two things

1) ping to localhost always works, but when pinging to your host it won't answer. Suppose your box is named f28, then

ping f28.localhost

won't answer at all when setting the icmp_echo_ignore_all to 1 as described above.

2) Presumably you're going onto the internet via a router. When checking on grc.com, you are actually checking your router, not really your computer, which isn't directly connected to the internet. Check the manual of your modem for instructions on how to block ping and other operations/ports.


Comments

what you may want to consider is: https://openwrt.org/

florian ( 2018-08-18 22:32:00 -0600 )

You hit the nail on the head! I double checked the ping on my daughter's Windows 10 system and it failed as well. I logged into our Xfinity router (10.0.0.1) with username admin and password of password. It forced me to change the password, but would not allow any special characters. I went to the firewall, IPv4 option and found that the security was set to low. I changed it to medium and it passed the ping test. I hope this doesn't cause any problems with some of the games my daughter plays, but I will deal with this if it comes up again.

Thanks to everyone for helping me!

Jim Copenhaver ( 2018-08-20 11:44:47 -0600 )

maybe the comment doesn't belong here, but consider buying a cable modem (used $10-20) and router (used $15-25) instead of paying $10 to Comcast every month. They rip you off and you don't have control over the firmware.

florian ( 2018-08-20 13:00:25 -0600 )
0

answered 2018-08-16 14:07:48 -0600

ed209

updated 2018-08-17 10:29:38 -0600

florian

/proc/sys/net/ipv4]# cat icmp_echo_ignore_all

0

echo 1 > icmp_echo_ignore_all

cat icmp_echo_ignore_all

1

ping to host doesn't answer

echo 0 > icmp_echo_ignore_all

/proc/sys/net/ipv4]# cat icmp_echo_ignore_all

0

ping to host answers again.

Double check the commands and report the message.


Comments

    [root@localhost ipv4]# cat icmp_echo_ignore_all
    0
    [root@localhost ipv4]# echo 1 > icmp_echo_ignore_all
    [root@localhost ipv4]# cat icmp_echo_ignore_all 1
    1
    cat: 1: No such file or directory
    [root@localhost ipv4]# ping localhost
    PING localhost(localhost (::1)) 56 data bytes
    64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.162 ms
    --- localhost ping statistics ---
    [root@localhost ipv4]# echo 0 > icmp_echo_ignore_all
    /proc/sys/net/ipv4]# cat icmp_echo_ignore_all
    0
    [root@localhost ipv4]# ping localhost
    PING localhost(localhost (::1)) 56 data bytes

Jim Copenhaver ( 2018-08-16 18:53:46 -0600 )

I went out to grc.com and got the following message:

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

Jim Copenhaver ( 2018-08-16 18:54:34 -0600 )

hey, I fixed your formatting - otherwise the answer is really hard to read. Next time, please use the formats available in the editor.

florian ( 2018-08-17 10:30:26 -0600 )
0

answered 2018-08-16 04:21:40 -0600

ed209

updated 2018-08-17 10:27:59 -0600

florian

Sorry, somehow the underscores are missing. The last part should read as

icmp_echo_ignore_all

0

answered 2018-08-20 15:10:37 -0600

Jim Copenhaver

The final answer was with the Xfinity modem that was installed with security set to LOW. Comcast set it up like this for some unknown reason, so I changed it to medium and it passed the ping test. I did learn a lot in the process.

  1. All of the icmp_echo_ignore_all settings are only temporary and may not hold through a reboot.
  2. The sysctl.conf file can be changed with net.ipv4.icmp_echo_ignore_all = 1. I assume that this worked, but I could not see it due to the problems with the Xfinity modem.
  3. Going into the firewall was useful as well. The interface worked well. I went into each of the zones and blocked all icmp echo requests. I was sure to make all of the changes permanent, so I wouldn't have to fool with this ever again. This was another example of where I couldn't see the change because of the Comcast setup.
edit flag offensive delete link more
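
The runtime-versus-persistent distinction from the answer above, as an added example that is not part of any post in this thread: the script reports whether `icmp_echo_ignore_all` is set only in `/proc`, only in sysctl configuration, in both, or in neither. The function names and the file order in the last line are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): is "ignore ICMP echo" set at runtime,
# in persistent sysctl configuration, both, or neither?
KEY_RE='net\.ipv4\.icmp_echo_ignore_all'

# Print the last value assigned to the key in the given files. Files are read
# in the order given and later assignments win; prints nothing if never set.
persistent_value() {
    last=''
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Strip whitespace, drop '#' and ';' comment lines, accept the
        # net/ipv4/... spelling and an optional leading '-' on the key.
        v=$(sed -n -e 's/[[:space:]]//g' -e '/^[#;]/d' -e 's|/|.|g' \
                -e "s/^-\{0,1\}${KEY_RE}=\(.*\)\$/\1/p" "$f" | tail -n 1)
        if [ -n "$v" ]; then last=$v; fi
    done
    printf '%s' "$last"
}

# $1 = runtime file, remaining arguments = config files in load order.
icmp_echo_state() {
    runtime_file=$1
    shift
    run=$(cat "$runtime_file" 2>/dev/null || echo '?')
    conf=$(persistent_value "$@")
    case "$run:$conf" in
        1:1) echo 'persistent' ;;    # ignored now and after a reboot
        1:*) echo 'runtime-only' ;;  # set via echo 1 > /proc/...; lost on reboot
        0:1) echo 'pending' ;;       # configured, takes effect on next load
        0:*) echo 'replying' ;;      # host answers IPv4 echo requests
        *)   echo 'unknown' ;;       # runtime file unreadable
    esac
}

# Assumed file order; adjust to match how your system loads sysctl settings.
icmp_echo_state /proc/sys/net/ipv4/icmp_echo_ignore_all \
    /usr/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /etc/sysctl.conf
```

This key governs IPv4 only; the `ping localhost` output quoted earlier on this page went to `::1`, which it does not cover. A result of `persistent` describes the host alone and says nothing about what a router in front of it answers.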
0

answered 2018-08-16 04:23:17 -0600

ed209

Again! The preview shows it's fine!

icmp echo ignore all

separated by underscore, not space.


Comments

Askbot’s markup sucks - Use the code block formatting (101010 symbol) to make it look correct/nice.

florian ( 2018-08-16 20:18:34 -0600 )
1

Used control-k for code, thank you.

ed209 ( 2018-08-17 16:26:51 -0600 )
