Ady Wicaksono Daily Activities

Rejecting “ping” to your Linux server

Sometimes you are paranoid enough that you don’t want
others to be able to “ping” your server. How do you do this?
Read on for the answer.

I assume our Linux server's IP address is 10.160.154.102.
Under normal conditions we can ping it like this:

c:>ping 10.160.154.102

Pinging 10.160.154.102 with 32 bytes of data:

Reply from 10.160.154.102: bytes=32 time<10ms TTL=64
Reply from 10.160.154.102: bytes=32 time<10ms TTL=64
Reply from 10.160.154.102: bytes=32 time<10ms TTL=64
Reply from 10.160.154.102: bytes=32 time<10ms TTL=64

Ping statistics for 10.160.154.102:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  0ms, Average =  0ms

But suppose we reject the ICMP echo-request using iptables like this:

iptables -I INPUT -p icmp --icmp-type echo-request -j REJECT

Now we get “Destination port unreachable”:

C:>ping 10.160.154.102

Pinging 10.160.154.102 with 32 bytes of data:

Reply from 10.160.154.102: Destination port unreachable.
Reply from 10.160.154.102: Destination port unreachable.
Reply from 10.160.154.102: Destination port unreachable.
Reply from 10.160.154.102: Destination port unreachable.

Ping statistics for 10.160.154.102:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  0ms, Average =  0ms

With REJECT, our server does not silently drop the ICMP packet; it
answers with an ICMP destination-unreachable message. If you want to
drop the packet instead, use this iptables command:

iptables -I INPUT -p icmp --icmp-type echo-request -j DROP

Now the ping result will be different:

C:>ping 10.160.154.102

Pinging 10.160.154.102 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.160.154.102:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  0ms, Average =  0ms
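
An added example, not part of the original post: both commands above use -I, which inserts at the top of the INPUT chain, and iptables applies the first rule that matches, so rule order decides whether a ping is answered, rejected or dropped. The shell function below reads a rule listing in iptables -S INPUT format and reports that verdict; the function name and the three rule listings are constructed for illustration.

```sh
#!/bin/sh
# Added example. Usage on a live host (as root): iptables -S INPUT | echo_request_verdict
# Scope (assumption): decides only rules that match on protocol and ICMP type;
# a rule with any other match option, or a jump to a custom chain, yields UNDETERMINED.

echo_request_verdict() {
    awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = "all"; type = "any"; target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(++i)
            else if ($i == "-m" && $(i + 1) == "icmp") i++
            else if ($i == "--icmp-type") type = $(++i)
            else if ($i == "-j") { target = $(i + 1); break }
            else extra = 1
        }
        if (proto != "icmp" && proto != "all") next          # other protocol
        if (type !~ /^(8|8\/0|echo-request|ping|any)$/) next # other ICMP type
        if (target == "LOG") next                            # LOG does not end traversal
        done = 1
        if (extra || target !~ /^(ACCEPT|DROP|REJECT)$/) print "UNDETERMINED"
        else print target
        exit
    }
    END { if (!done) print "POLICY:" (policy == "" ? "unknown" : policy) }
    '
}

# Constructed rule listings in `iptables -S INPUT` format.
rules_after_reject() {   # only the REJECT command from the post was run
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable'
}
rules_after_both() {     # the DROP command was run next; -I put it on top
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP' \
        '-A INPUT -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable'
}
rules_appended() {       # same DROP rule added with -A below an existing ICMP accept
    printf '%s\n' '-P INPUT DROP' '-A INPUT -p icmp -j ACCEPT' \
        '-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP'
}

for sample in rules_after_reject rules_after_both rules_appended; do
    printf '%s: %s\n' "$sample" "$("$sample" | echo_request_verdict)"
done
```

The third listing shows why the post's use of -I matters: the same DROP rule appended with -A below an existing ICMP accept rule never takes effect.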

So, happy protecting

Written by adywicaksono

November 9, 2007 at 9:38 am

Posted in Linux, networking

One Response


  1. Thanks

    Fouad

    December 31, 2007 at 8:50 am

