Configure linux server to deny icmp ping request

Configure linux server to deny icmp ping request

ICMP protocol is used by ping command to check the connectivity between two computers. By defaults all Linux servers will response on ICMP request. Hacker can misuse this service. They can generate countless ping requests to your Linux server. This is what called DOS denial of services.

In this article I will show that how can you block ICMP ping request

We will use to two system for this practical. Go on first Linux system and set IP address to 192.168.0.254

Apply new IP by service network restart command and verify it ifconfig

Now go other machine and set IP address to 192.168.0.1 (I am using window machine for testing you can use your Linux machine for it also.)

verify new ip by ipconfig

Test connectivity with server by ping commands

You will get reply because all Linux servers are by default configured to response on ICMP ping request.

Now go back on Linux server and configure it to deny ping request.

We need to add deny tag in sysctl.conf file open /etc/sysctl.conf file

Now add net.ipv4.icmp_echo_ignore_all = 1 line in the end of file and save this file

Change will take place after restart, reboot system with reboot -f commands

Now try to ping form other system again you will not get replay now

Now other system cannot ping the Linux server but Linux server can ping ohter system as so far our other system have no such service configured. Go on Linux server and pingother system

After doing practical don't forget remove net.ipv4.icmp_echo_ignore_all = 1 line form sysctl.conf on server. Otherwise you will not get replay form server that not good at least in classroom lab.