ICMP Block With IPTABLES


Vishal Vyas (Linux Admin)

How do you use iptables to block ICMP (Internet Control Message Protocol) requests?
Ans: First we have to understand why this needs to be done.
When hackers try to break into a machine, the first thing they do is a basic ping test.

Code :
#ping target-machine
If this succeeds, they conclude that the system is up, and they can go on to launch DDoS attacks or look for open ports using the nmap command.

Code :
#nmap target-machine
So if you are exposing a machine on your network to the outside world, first disable incoming ping requests to that machine as follows.

This can be done in two ways with iptables:
1. Reject the ICMP packets.
2. Drop the ICMP packets.

Of these two methods, dropping the ICMP packets is the better choice: it gives the hacker no clue whether the system is alive or not. If we reject instead, the hacker will definitely learn that ICMP packets are blocked and that the system is live.

Step 1: Execute the following command to drop all incoming ICMP echo-request (ping) packets
#iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
Let me explain this command:
-A appends this rule after the rules that already exist in the chain.
INPUT specifies that it’s a

Step 2: Save the changes to the iptables file (/etc/sysconfig/iptables), restart the iptables service, and check that your iptables chain has been updated.
#service iptables save
#service iptables restart
#iptables -L
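
Because -A appends the rule to the end of the chain and iptables acts on the first rule that matches, an earlier ACCEPT for ICMP leaves the new DROP rule without effect. The script below is an added example, not part of the original post: it reads the output of iptables -S INPUT and reports which rule decides an inbound echo-request. The two rule listings are constructed samples and the function names are made up for this example.

```sh
#!/bin/sh
# Added example. Live use (as root): iptables -S INPUT | echo_request_verdict
# Simplification: only rules whose sole matches are -p and --icmp-type are
# evaluated; rules with any other match (-i, -s, -m state, ...) are skipped.
echo_request_verdict() {
    awk '
    BEGIN { policy = "UNKNOWN" }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        n++; ok = 1; target = ""          # n = position in the INPUT chain
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") { i++; if ($i != "icmp" && $i != "all") ok = 0 }
            else if ($i == "-m" && $(i + 1) == "icmp") { i++ }
            else if ($i == "--icmp-type") {
                t = $(++i)                # 8 is the numeric echo-request type
                if (t != "8" && t != "8/0" && t != "echo-request") ok = 0
            }
            else if ($i == "-j") { target = $(i + 1); break }
            else { ok = 0 }               # a match this sketch does not model
        }
        if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) {
            print target " rule " n; found = 1; exit
        }
    }
    END { if (!found) print policy " policy" }'
}

# Constructed sample: DROP appended with -A behind an existing ICMP ACCEPT.
sample_appended() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
EOF
}

# Constructed sample: the same DROP rule placed first in the chain.
sample_inserted() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
EOF
}

echo "appended: $(sample_appended | echo_request_verdict)"
echo "inserted: $(sample_inserted | echo_request_verdict)"
```

If the verdict is not DROP, insert the rule ahead of the earlier ACCEPT with iptables -I INPUT 1 instead of appending it with -A.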

How to allow ICMP ping requests in case you want them: first we have to remove the rule we created to block ICMP ping.
#iptables -D INPUT -p icmp --icmp-type echo-request -j DROP

Then execute the following commands
#iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#service iptables save
#service iptables restart

Some points to note
What methods do hackers use with ICMP ping?
Though these are old denial-of-service (DoS) attacks, they are worth learning about:
Ping flood
Smurf attack
Ping of death

Please comment with your thoughts regarding this post :-)


One Response to “ICMP Block With IPTABLES”

  1. Dinesh May 13, 2013 at 5:07 am #

    good examples..
