To totally unlock this section you need to Log-in
Login
ICMP family protocol is used by ping command to check the connectivity between two computers. By defaults all Linux servers will response on ICMP request. Hacker can misuse this service. They can generate countless ping requests to your Linux server. This is what called DOS denial of services. In this article we will show that how can you block ICMP ping request.
We will use to two system for this practical. Go on first Linux system and set IP address to 192.168.0.254.
Apply new IP by using "service network restart" command and verify it with ifconfig.
Now go other machine and set IP address to 192.168.0.1 (we are using window machine for testing you can use your Linux machine for it also).
Verify new ip address by using ipconfig.
Test connectivity with server by using ping commands:
You will get reply because all Linux servers are by default configured to response on ICMP ping request.
Now go back on Linux server and configure it to deny ping request. We need to add deny tag in sysctl.conf file open /etc/sysctl.conf file:
Now add net.ipv4.icmp_echo_ignore_all = 1 line in the end of file and save this file:
Change will take place after restart, reboot system with reboot -f commands:
Now try to ping form other system again you will not get replay now:
Now other system cannot ping the Linux server but Linux server can ping other system as so far our other system have no such service configured. Go on Linux server and ping other system:
After doing practical don't forget remove net.ipv4.icmp_echo_ignore_all = 1 line form sysctl.conf on server.
 |  |