[GTALUG] Ubuntu -- Disabling Ping

Thu Aug 30 08:09:59 EDT 2018

On 08/30/2018 06:11 AM, o1bigtenor via talk wrote:

> On Wed, Aug 29, 2018 at 10:58 PM, Howard Gibson via talk
> <talk at gtalug.org> wrote:
>> On Wed, 29 Aug 2018 22:03:52 -0400
>> Alvin Starr via talk <talk at gtalug.org> wrote:
>>> you could also do the following:
>>>
>>> sudo sysctl net.ipv4.icmp_echo_ignore_all=1
>> Alvin,
>>
>>     That's it.  I saw instructions on the internet to update /etc/sysctl.conf, but they did it wrong.  Your command line works!
>>
>>     Thank you.
>>
>>     I will be updating my website to show easy install methods for Ubuntu and Fedora.
>>
> Greetings
>
> I have ping disabled directly on my router so none of the machines
> behind it can be accessed from outside.
>
> Why wouldn't you do it there?
>
> A possible answer is that you are using the laptop truly mobile but
> that would be the only need for such a mod imo.
> For those that 'know' is there any other scenario where you might want
> to disable ping access on a machine basis?
>
> Regards
>
>
I am not a big fan of disabling pings.

When ping is disabled it makes it extremity hard to diagnose network 
problems.
I operated an ISP and it would be very hard to diagnose network problems 
on systems with ping disabled.
There are other tools but most of them require software on both systems 
where ping is simple and easy to setup

It is possible to limit ping both in size and frequency.

Disabling ping is of very limited value to stop hackers because port 
scanning software will just try the well known ports and will find you 
if you have the ports open.

Incoming ping floods will still suck up all your incoming bandwidth even 
if you have pings disabled.
Also ping floods have fallen out of vogue as a DOS attack vector.

-- 
Alvin Starr                   ||   land:  (905)513-7688
Netvel Inc.                   ||   Cell:  (416)806-0133
alvin at netvel.net              ||