Hello List... Is there a way that I can keep people from pinging my box. I looked in the inetd.conf file and saw echo commented out. But my box is still replying to icmp requests. Your advice would be greatly appreciated. Darryl -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
You could set up ipchains to drop the packets. Why would this make a difference though? D At 09:38 PM 3/23/00 +0100, Darryl B. White wrote:
Hello List...
Is there a way that I can keep people from pinging my box. I looked in the inetd.conf file and saw echo commented out. But my box is still replying to icmp requests. Your advice would be greatly appreciated.
Darryl
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
D. I am trying to hide the box. I do not want individuals within my group to be able to ping my entire subnet and find this one paticular box. Darryl "Derek J. Balling" wrote:
You could set up ipchains to drop the packets. Why would this make a difference though?
D
At 09:38 PM 3/23/00 +0100, Darryl B. White wrote:
Hello List...
Is there a way that I can keep people from pinging my box. I looked in the inetd.conf file and saw echo commented out. But my box is still replying to icmp requests. Your advice would be greatly appreciated.
Darryl
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
ipchains would be the answer then. D At 09:51 PM 3/23/00 +0100, Darryl B. White wrote:
D.
I am trying to hide the box. I do not want individuals within my group to be able to ping my entire subnet and find this one paticular box. Darryl
"Derek J. Balling" wrote:
You could set up ipchains to drop the packets. Why would this make a difference though?
D
At 09:38 PM 3/23/00 +0100, Darryl B. White wrote:
Hello List...
Is there a way that I can keep people from pinging my box. I looked in the inetd.conf file and saw echo commented out. But my box is still replying to icmp requests. Your advice would be greatly appreciated.
Darryl
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
I'm sure your next question will be: How's that done? ipchains -I input -s 0.0.0.0/0 -d IP_ADDRESS/MASK -p icmp -j DENY ..would do the trick. But this will disable _all_ ICMP packets, not _only_ ping. I'm not sure if ICMP communicates on other ports than 0, but if it does, you might want to specify port 0, where ping is on. (I'm not even sure ICMP even uses ports! DENY is because your box will not answer. REJECT would be like telling the pinging host: 'Sorry, you may not ping me', which is not what you want. Good luck, I've done the same thing, to keep the scanners out! (It works mostly) Rogier Maas "Derek J. Balling" wrote:
ipchains would be the answer then.
D
At 09:51 PM 3/23/00 +0100, Darryl B. White wrote:
D.
I am trying to hide the box. I do not want individuals within my group to be able to ping my entire subnet and find this one paticular box. Darryl
"Derek J. Balling" wrote:
You could set up ipchains to drop the packets. Why would this make a difference though?
D
At 09:38 PM 3/23/00 +0100, Darryl B. White wrote:
Hello List...
Is there a way that I can keep people from pinging my box. I looked in the inetd.conf file and saw echo commented out. But my box is still replying to icmp requests. Your advice would be greatly appreciated.
Darryl
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
you could do: ipchains -I input -s 0.0.0.0/0 echo-request -d IP_ADDR/MSK -p icmp -j DENY you can put in for "echo-request" any of the valid output of ipchains -h icmp That should work for basics, and still allow you to ping OUT just fine. :) D At 11:04 PM 3/23/00 +0100, Rogier Maas wrote:
I'm sure your next question will be: How's that done?
ipchains -I input -s 0.0.0.0/0 -d IP_ADDRESS/MASK -p icmp -j DENY
..would do the trick. But this will disable _all_ ICMP packets, not _only_ ping. I'm not sure if ICMP communicates on other ports than 0, but if it does, you might want to specify port 0, where ping is on. (I'm not even sure ICMP even uses ports!
DENY is because your box will not answer. REJECT would be like telling the pinging host: 'Sorry, you may not ping me', which is not what you want.
Good luck, I've done the same thing, to keep the scanners out! (It works mostly)
Rogier Maas
"Derek J. Balling" wrote:
ipchains would be the answer then.
D
At 09:51 PM 3/23/00 +0100, Darryl B. White wrote:
D.
I am trying to hide the box. I do not want individuals within my group to be able to ping my entire subnet and find this one paticular box. Darryl
"Derek J. Balling" wrote:
You could set up ipchains to drop the packets. Why would this make a difference though?
D
At 09:38 PM 3/23/00 +0100, Darryl B. White wrote:
Hello List...
Is there a way that I can keep people from pinging my box. I
looked in
the inetd.conf file and saw echo commented out. But my box is still replying to icmp requests. Your advice would be greatly appreciated.
Darryl
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Thanks for the info. Everything looks good........ C Ya Darryl "Derek J. Balling" wrote:
you could do:
ipchains -I input -s 0.0.0.0/0 echo-request -d IP_ADDR/MSK -p icmp -j DENY
you can put in for "echo-request" any of the valid output of
ipchains -h icmp
That should work for basics, and still allow you to ping OUT just fine. :)
D
At 11:04 PM 3/23/00 +0100, Rogier Maas wrote:
I'm sure your next question will be: How's that done?
ipchains -I input -s 0.0.0.0/0 -d IP_ADDRESS/MASK -p icmp -j DENY
..would do the trick. But this will disable _all_ ICMP packets, not _only_ ping. I'm not sure if ICMP communicates on other ports than 0, but if it does, you might want to specify port 0, where ping is on. (I'm not even sure ICMP even uses ports!
DENY is because your box will not answer. REJECT would be like telling the pinging host: 'Sorry, you may not ping me', which is not what you want.
Good luck, I've done the same thing, to keep the scanners out! (It works mostly)
Rogier Maas
"Derek J. Balling" wrote:
ipchains would be the answer then.
D
At 09:51 PM 3/23/00 +0100, Darryl B. White wrote:
D.
I am trying to hide the box. I do not want individuals within my group to be able to ping my entire subnet and find this one paticular box. Darryl
"Derek J. Balling" wrote:
You could set up ipchains to drop the packets. Why would this make a difference though?
D
At 09:38 PM 3/23/00 +0100, Darryl B. White wrote:
Hello List...
Is there a way that I can keep people from pinging my box. I
looked in
the inetd.conf file and saw echo commented out. But my box is still replying to icmp requests. Your advice would be greatly appreciated.
Darryl
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Hi.
At 21:38 on 23 Mar 00, Darryl B. White begun to yabber about "[SLE] Turning of Ping.."
Date sent: Thu, 23 Mar 2000 21:38:55 +0100
From: "Darryl B. White"
Is there a way that I can keep people from pinging my box. I looked in the inetd.conf file and saw echo commented out. But my box is still replying to icmp requests. Your advice would be greatly appreciated.
man ipchains will show you lots of fun things to stop people connecting to your box.. Just set up a little firewall to stop your box replying to icmp requests.. Cya Matthew Matthew King: Network Engineer, Cable & Wireless Optus. My ICQ#: 2342475 Message me! Cellular Phone: +61 404 898544 040 489 8544 (Inside .au) Home e-mail: nerd@zip.com.au Work e-mail: Matthew.King@cwo.net.au Homepage: http://www.zip.com.au/~nerd/ -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT d+ s: a--- C++++ UL++++ P+ L+++ E---- W++ N++ o++ K w O- M- V- PS+ PE Y+ PGP- t+ 5++++ X++ R+ tv++ b+++ DI+++++ D++ G+++ e* h* r++ y+ ------END GEEK CODE BLOCK------ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (5)
-
darryl.b.white@saic.com -
dpilabs@home.com -
dredd@megacity.org -
icarus@guldennet.nl -
nerd@zip.com.au