OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: ICMP
From: Francois Harvey (fharveySECURIWEB.NET)
Date: Thu Nov 16 2000 - 18:34:27 CST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

        A non ipchains solution is to do this :

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

(for ignoring all icmp ping request)

and

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
(for ignoring only broadcast ping)

[----------------------------------------------------------------]
[ Francois Harvey (fharveysecuriweb.net) ]
[ Consultant en sécurité informatique ]
[ SécuriWeb enr. (http://www.securiweb.net) ]
[ Clé publique PGP: $ finger fharveysecuriweb.net > fharvey.asc ]
[----------------------------------------------------------------]

- -----Message d'origine-----
De : Focus on Linux Mailing List
[mailto:FOCUS-LINUXSECURITYFOCUS.COM]De la part de Heino Sloot
Envoyé : 16 novembre, 2000 16:11
À : FOCUS-LINUXSECURITYFOCUS.COM
Objet : ICMP

Hi All,
I have a ipchains firewall running Redhat 7.0
How do I block icmp traffic to my outside nic without affecting my
own icmp traffic which comes from inside?
I mean I should be able to ping the world, but the world should *not*
be able to ping me.

Thanks!
Heino

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
Comment: [SecuriWeb enr.] http://www.securiweb.net

iQA/AwUBOhR9CwVLa1rtV/bvEQJKLACfZ/9XQDOkHVpm3d5QKKNvIpu0j9wAn0we
BfVK48DZymmGWyz2eB5kHrM9
=Mc6x
-----END PGP SIGNATURE-----