Ping is a software utility primarily used by network administrators to check the reachability of a network host (target) from another host (source). It is also used to check the round trip delay, the time taken for a network packet to travel from source to target and back. The round trip delay indicates the health (speed) of the connectivity between the network hosts. A smaller round trip delay indicates better health of the connection. Here we'll see why and how to configure a Linux system to disable ping responses.
If I ping www.google.com from my computer, I get responses from the Google server like this.
# ping www.google.com
PING www.google.com (216.58.220.36) 56(84) bytes of data.
64 bytes from maa03s18-in-f4.1e100.net (216.58.220.36): icmp_seq=1 ttl=128 time=53.6 ms
64 bytes from maa03s18-in-f4.1e100.net (216.58.220.36): icmp_seq=2 ttl=128 time=63.5 ms
64 bytes from maa03s18-in-f4.1e100.net (216.58.220.36): icmp_seq=3 ttl=128 time=53.9 ms
64 bytes from maa03s18-in-f4.1e100.net (216.58.220.36): icmp_seq=4 ttl=128 time=89.4 ms
64 bytes from maa03s18-in-f4.1e100.net (216.58.220.36): icmp_seq=5 ttl=128 time=53.5 ms
64 bytes from maa03s18-in-f4.1e100.net (216.58.220.36): icmp_seq=6 ttl=128 time=63.7 ms
Getting a response to ping from www.google.com suggests a few things:
– The destination www.google.com (on IP Address 216.58.220.36) is alive.
– There is network connectivity between the two internet hosts (my computer and the Google server).
– The average round trip delay of 60 ms means that the connection speed is reasonably good.
By default, most Linux systems are configured to respond to ping requests, but many network administrators like to disable that.
Why to Disable Ping
Network administrators want to disable ping responses mainly for security reasons. Two known problems are "Ping of Death" and "Ping Flood". In "Ping of Death", the attackers send very big ping packets, bigger than 65,536 bytes, to the target. The target computers sometimes fail to handle such big network packets. They either hang, crash, reboot or misbehave. Modern operating systems have solved this problem, though. In the "Ping Flood" method, the attackers send a lot of ping requests to the host at a very high rate. That basically eats up the target system's bandwidth and processing time. This is one type of DoS (Denial of Service) attack. There may be other reasons to disable ping as well.
How to disable ping
There are several ways to disable ping on a Linux computer.
Changing Kernel Variable
You can change the kernel variable by issuing this command. You have to run this command as root (super user).
echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all
I have a system with IP address 123.45.1.1. Before issuing this command I could ping that computer from another computer like this.
$ ping 123.45.1.1
PING 123.45.1.1 (123.45.1.1) 56(84) bytes of data.
64 bytes from 123.45.1.1: icmp_seq=1 ttl=64 time=0.295 ms
64 bytes from 123.45.1.1: icmp_seq=2 ttl=64 time=0.617 ms
64 bytes from 123.45.1.1: icmp_seq=3 ttl=64 time=0.605 ms
After issuing the command I did not get any response to ping.
$ ping 123.45.1.1
PING 123.45.1.1 (123.45.1.1) 56(84) bytes of data.
No message from 123.45.1.1.
Please note that this setting does not persist across a system reboot. To make it persistent, add the following line to the /etc/sysctl.conf file (if you have such a file). You have to edit this file as root (super user) as well.
net.ipv4.icmp_echo_ignore_all = 1
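As an added example (not part of the original article), the shell functions below check whether the kernel variable is set right now and whether a sysctl.conf-style file will set it again after a reboot. The function names, the status words and the default paths are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report whether the "ignore ICMP echo" setting is active now
# and whether it will survive a reboot. Paths are arguments so that copies
# of the files can be audited; the defaults are assumed typical locations.

KEY="net.ipv4.icmp_echo_ignore_all"

# Print the last value assigned to KEY in a sysctl.conf-style file.
# Lines starting with '#' or ';' are comments; spaces around '=' are ignored.
persisted_value() {
    [ -r "$1" ] || return 0
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v      # a later assignment overrides an earlier one
        }
        END { if (val != "") print val }
    ' "$1"
}

# Usage: audit_echo_ignore [PROC_FILE] [CONF_FILE]
# Prints one of: ok | runtime-only | persisted-not-applied | responding
audit_echo_ignore() {
    proc_file=${1:-/proc/sys/net/ipv4/icmp_echo_ignore_all}
    conf_file=${2:-/etc/sysctl.conf}
    runtime=""
    [ -r "$proc_file" ] && runtime=$(cat "$proc_file")
    persisted=$(persisted_value "$conf_file")
    if [ "$runtime" = "1" ] && [ "$persisted" = "1" ]; then
        echo "ok"
    elif [ "$runtime" = "1" ]; then
        echo "runtime-only"            # setting is lost at the next reboot
    elif [ "$persisted" = "1" ]; then
        echo "persisted-not-applied"   # file edited but not loaded yet (sysctl -p)
    else
        echo "responding"              # host still answers echo requests
    fi
}

# With no arguments this audits the running system.
audit_echo_ignore "$@"
```

A result of runtime-only means the echo command was run but the configuration file was not updated, or the line in it is commented out or overridden by a later line.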
Adding Filter to the Firewall.
You can achieve a similar result by adding a filter to the firewall. Run the following command as root to do that.
# iptables -A INPUT -p icmp -j DROP
This filter rule says that any incoming network packet of the ICMP protocol will be dropped. Ping runs on the ICMP protocol, which means the ping Echo Request arrives as an ICMP packet. As we set the firewall to drop all ICMP packets, the system will not receive the request and hence will not respond to it either. The rule matches every ICMP type, not only Echo Request, so other ICMP messages sent to the host are dropped as well.