chinhungchin asked:
How to block inbound ICMP echo requests by iptables
Dear all,
I had tried to block the inbound ICMP echo request by iptables, but it seems like I didn't get the job done right. I used the following command: iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT. Could someone point out the error? Any response is appreciated.
ASKER CERTIFIED SOLUTION
Just do:
#echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
#echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
Otherwise, double check the contents of the packets to ensure it's an ECHO-REPLY you're seeing. You're using REJECT instead of DROP, which means that your firewall will send out an ICMP packet to the sender of the ECHO-REQUEST, but it will be a DEST-UNREACHABLE rather than an ECHO-REPLY. This is pretty bad because scanners such as nmap will know this is a firewall.
"iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT. "
This is just one of approx. 30 types of ICMP packets. If you want your computer to stop responding to ICMP queries, do:
iptables -A INPUT -p icmp -j DROP -> this will kill all ICMP types of packets
Be careful!!! -> Dropping ICMP will load your system because it is processing them (all).
It would be easier to drop them like this:
iptables -A OUTPUT -p icmp -j DROP
This will not allow your system to reply to ICMP packets :))
ASKER
Since there is a large number of alerts generated by snort ("CyberKit 2.2 Windows"), snort suggests that I block the inbound ICMP echo-request. After changing the -A parameter to -I, I am now able to do so (e.g. I cannot ping my IP now). However, it seems like snort still generates the same alert.
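The asker's fix (-I instead of -A) worked because iptables walks a chain top to bottom and an appended rule lands after any earlier ACCEPT that already matches ICMP. The following is an added example, not code from the thread: a small Python check that reads iptables-save output and reports which INPUT rule a fresh echo-request would hit first. The two rulesets are constructed for illustration, and the matching model only understands -p, --icmp-type and --state.

```python
import re

def input_chain(saved):
    """Rules of the INPUT chain, in order, from iptables-save text."""
    return [l for l in saved.splitlines() if l.startswith("-A INPUT ")]

def matches_new_echo_request(rule):
    """Crude model: does this rule match a fresh inbound ICMP echo-request?
    Handles -p, --icmp-type and --state; anything else is assumed to match."""
    proto = re.search(r"\s-p\s+(\S+)", rule)
    if proto and proto.group(1) not in ("icmp", "all"):
        return False
    itype = re.search(r"--icmp-type\s+(\S+)", rule)
    if itype and itype.group(1) not in ("echo-request", "8"):
        return False
    state = re.search(r"--state\s+(\S+)", rule)
    if state and "NEW" not in state.group(1).split(","):
        return False  # a new echo-request is not RELATED/ESTABLISHED
    return True

def first_echo_request_verdict(saved):
    """Target of the first INPUT rule a new echo-request hits, or the chain
    policy if nothing matches. Returns (target, matching_rule_or_None)."""
    for rule in input_chain(saved):
        if matches_new_echo_request(rule):
            return re.search(r"\s-j\s+(\S+)", rule).group(1), rule
    policy = re.search(r"^:INPUT\s+(\S+)", saved, re.M)
    return (policy.group(1) if policy else "ACCEPT"), None

# Constructed rulesets (not from the thread). APPENDED is what "-A" produces
# on a chain that already accepts ICMP: the blocking rule is never reached.
# INSERTED is what "-I" produces: the blocking rule is evaluated first.
APPENDED = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j REJECT
COMMIT
"""
INSERTED = APPENDED.replace(
    "-A INPUT -p icmp --icmp-type echo-request -j REJECT\n", "").replace(
    ":INPUT ACCEPT [0:0]\n",
    ":INPUT ACCEPT [0:0]\n-A INPUT -p icmp --icmp-type echo-request -j DROP\n")

if __name__ == "__main__":
    for name, saved in (("appended", APPENDED), ("inserted", INSERTED)):
        print(name, "->", first_echo_request_verdict(saved))
```

Running it shows the appended ruleset answering ACCEPT from the blanket ICMP rule, while the inserted one answers DROP. The same check, pointed at real iptables-save output, is a quick way to confirm a blocking rule is not shadowed before looking elsewhere for why an IDS alert persists.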