How to use IPtables to block ICMP (Internet Control Message Protocol) requests?
Ans : To do this we have understand why we require this thing should be done.
When Hackers try to hack in to any machine first thing they will do is a basic ping test.
Code :
#ping target-machine
If this is succeed they will come to a conclusion that system is up and they can go forward and they can do DDOS attacks or try to find some other open ports using NMAP command.
Code :
#nmap target-machine
So if you are exposing a machine to outer world from your network, first disable incoming ping requests to your machine as follows.
So this can be done by two ways through IPtables
#ping target-machine
If this is succeed they will come to a conclusion that system is up and they can go forward and they can do DDOS attacks or try to find some other open ports using NMAP command.
Code :
#nmap target-machine
So if you are exposing a machine to outer world from your network, first disable incoming ping requests to your machine as follows.
So this can be done by two ways through IPtables
1. Reject the ICMP packets.
2. Drop the ICMP packets.
In the above mentioned methods best thing is to drop the ICMP packets, by doing this we are not giving any clue to hacker whether the system is alive or not. Where as if we do reject definitely hacker will come to know that ICMP packets are blocked and the system is live.
Step1 : Executing following command to drop all the incoming ICMP packets
#iptables –A INPUT –p icmp –icmp-type echo-request –j DROP
Let me explain this command
-A is to append this rule to already existing one.
INPUT specifies that it’s a
Step2 : Save this changes to IPtables file (/etc/sysconfig/iptables), restart the IPtables service and check your IPtables status whether your IPtables chain is updated or not.
#service iptables save
#service iptables restart
#iptables –L
How to allow icmp ping request in case you want them,First we have to remove the rule which we created for blocking the icmp ping.
#iptables –D INPUT –p icmp –icmp-type echo-request –j DROP
Then execute the following commands
#iptables –A INPUT –p icmp –icmp-type echo-request –j ACCEPT
#service iptables save
#service iptables restart
Some points to be noted
What are the methods used by hackers using this ICMP ping?
Though these are old denial-of-service attack (DoS attack), worth to learn them
Ping flood
Smurf attack
Ping to death
#service iptables save
#service iptables restart
#iptables –L
How to allow icmp ping request in case you want them,First we have to remove the rule which we created for blocking the icmp ping.
#iptables –D INPUT –p icmp –icmp-type echo-request –j DROP
Then execute the following commands
#iptables –A INPUT –p icmp –icmp-type echo-request –j ACCEPT
#service iptables save
#service iptables restart
Some points to be noted
What are the methods used by hackers using this ICMP ping?
Though these are old denial-of-service attack (DoS attack), worth to learn them
Ping flood
Smurf attack
Ping to death
Please comment your thoughts regarding this post:-)