[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
If you want to block pings, you can also do a echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts Kevin Ruse Kvaerner Philadelphia Shipyard -----Original Message----- From: Paul [mailto:emailme@dpagin.net] Sent: Tuesday, September 23, 2003 2:31 PM To: plug@lists.phillylinux.org Subject: Re: [PLUG] Firewall Check Magnus Hedemark wrote: >ICMP Echo ("ping") is still passing through. There is a lot of controversy >over whether this is a good thing or not. IMHO, while it does open up some >possibility of attack, it is still a good thing. > > What about TCP pings? I need to open up the ssh port to give scanners something else to find! BTW, I found that my "rules" file is letting pings through by default, even though my "policy" file is set to block all traffic originating from the Internet. ACCEPT net fw icmp 8 _________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce General Discussion -- http://lists.netisland.net/mailman/listinfo/plug _________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce General Discussion -- http://lists.netisland.net/mailman/listinfo/plug