View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions icmp_echo_ignore_all does not keep new value
Log in to Ask a Question

icmp_echo_ignore_all does not keep new value

networking

Hello

I trying to blocking ICMP by

echo 1 >> /proc/sys/net/ipv4/icmpechoignore_all

but after restart my container - kernel restore icmpechoignore_all old value (0)

please help to fix this issue

thak you very much

6 Replies

echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf sysctl -p

ICMP is a useful tool to you (helps to monitor if your server is at least partially up).

ICMP is oh so last decade for hackers. Now they do much more sophisticated scans/fingerprinting such that no PING reply isn't even on their radar.

Security thru Obscurity is a myth - since blocking ICMP does nothing to increase your security, but does increase your Admin overhead - why bother?

@Alucard: 

echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
sysctl -p


Thank very much for help and for vonskippy advice :)

@vonskippy:

ICMP is oh so last decade for hackers.
My linode has been pinged 13,231 times - it seems that there may be some hackers still living on the last decade.

@Stever:

My linode has been pinged 13,231 times
A second? A day? A month? Since you've setup your Linode?

Your statement has as much useful content as Han Solo's "making the Kessel Run in under 12 parsecs" line.

As I've mentioned, PING is used by MANY legitimate services, and no competent hacker relies on it to determine if there's a "target" out there.

But hey, turn off ping, make your life as a sysadmin much harder, what do I care.

@vonskippy:

@Stever:

My linode has been pinged 13,231 times
A second? A day? A month? Since you've setup your Linode?

Your statement has as much useful content as Han Solo's "making the Kessel Run in under 12 parsecs" line.

As I've mentioned, PING is used by MANY legitimate services, and no competent hacker relies on it to determine if there's a "target" out there.

But hey, turn off ping, make your life as a sysadmin much harder, what do I care.

It has plenty of useful content; Kessel is right next to the Maw, an abnormally dense collection of black holes, requiring a circuitous winding path to be navigated to reach it. A faster ship would allow the pilot to cut closer to the gravity wells than would otherwise be possible, allowing a shorter route to be taken, or for paths that would normally be completely impossible.

It's a simple optimization problem. Making a run to Kessel in under 12 parsecs (to or from what point is not really clear) would mean that the high speed of the ship and skill of the pilot allowed a more direct route, saving time.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct