Configure my PING to be stealth through firewall

Asked by Sebastian Powell

Question: "Upon my testing of my security everything passed... except when they REPLIED to my Ping (ICMP Echo) request.... in turn making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. How would I do such a thing?" for Ubuntu

Question information

Language: English
Status: Solved
For: Ubuntu iptables
Assignee: No assignee
Solved by: Emre AYTAÇ

Emre AYTAÇ (eaytac) said :
#1

You can disable ping echo requests in many ways. Please have a look at the following URL:

http://ubuntuguide.net/how-to-disable-ping-response-in-ubuntu

This may help you...

Sebastian Powell (telattract) said :
#2

Ok, so when I try to close the window it tells me it's still running and that it would stop if I did... so I did not do that. Further down on that page the person writes this, but I don't understand what to do with it exactly: neither method is permanent unless you already have some mechanism that saves your iptables and restores them on reboot.

method 1 can be made permanent by editing the /etc/sysctl.conf file so that the setting gets picked up at boot time.

net.ipv4.icmp_echo_ignore_all=1

mycae (mycae) said :
#3

Please be advised that dropping ping does not really improve your security -- to call it "stealth" is a misnomer at best.

The best way to ensure that you have good network security is to turn off unused services. Hiding ping will do nothing against simple tools like nmap, and is generally indicative of a poorly configured machine, which actually makes it more attractive to poke at.

Try using tools like netstat -l, or nmap (on yourself) to really improve security. If you are worried about general "hacking", I would suggest that these methods are ineffective at best. To really protect against hacking, have a read through some books on TCP/IP, and concepts like stack smashing -- this will help you understand how these attacks function, and how they can be prevented. Anything else is not an effective use of time.

Eg:
https://secure.wikimedia.org/wikipedia/en/wiki/Stack_smashing
https://secure.wikimedia.org/wikipedia/en/wiki/Buffer_overflow
https://secure.wikimedia.org/wikipedia/en/wiki/NOP_slide
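
The netstat -l check suggested above, as an added example that is not part of the original thread: it reads listening TCP sockets in /proc/net/tcp format and marks each port as bound to loopback only or exposed on another address. The function names and the sample rows are constructed for illustration, and only IPv4 (/proc/net/tcp, not /proc/net/tcp6) is covered.

```shell
#!/bin/sh
# Added example: what `netstat -l` reports for TCP, read from /proc/net/tcp.

# Constructed sample in /proc/net/tcp format (trailing columns omitted).
sample_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st
   0: 0100007F:0277 00000000:0000 0A
   1: 00000000:0016 00000000:0000 0A
   2: 0F02000A:0016 0202000A:D431 01
EOF
}

# Print "scope port" for every socket in state 0A (LISTEN).
# scope is "loopback" for 127.x.x.x binds and "exposed" for anything else,
# i.e. reachable from the network whether or not the host answers ping.
listeners() {
    awk 'NR > 1 && $4 == "0A" { print $2 }' "$1" |
    while IFS=: read -r addr port; do
        # The address is little-endian hex: the last byte pair is the
        # first octet of the dotted-quad form (0100007F is 127.0.0.1).
        first_octet=$((0x${addr#??????}))
        if [ "$first_octet" -eq 127 ]; then
            scope=loopback
        else
            scope=exposed
        fi
        echo "$scope $((0x$port))"
    done | sort -u
}

# Demo on the constructed sample; the established connection (state 01)
# is skipped, leaving port 22 exposed and port 631 on loopback.
demo() {
    f="$(mktemp)" || return 1
    sample_tcp > "$f"
    listeners "$f"
    rm -f "$f"
}
demo
```

On a real machine, run `listeners /proc/net/tcp`; every "exposed" line is a service worth reviewing or turning off.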

Best Emre AYTAÇ (eaytac) said :
#4

Yes, as you said above:

To make this permanent set the following into /etc/sysctl.conf

net.ipv4.icmp_echo_ignore_all = 1

Sebastian Powell (telattract) said :
#5

I need help understanding what to do here

Sebastian Powell (telattract) said :
#6

First of all Emre, thank you very much for taking the time to explain this to me, and I had accidentally posted the last comment unaware of your new information... so it may or may not have been "dumb-luck", and I do mean "dumb", at least when it comes to the area... because you have now sparked another question that is not understood... and that is, since I have been stumbling along in Ubuntu (love it), just don't know it (one week old in my experience in using it), so I followed their own documentation in suggesting I use GRC ShieldsUP!, which said when I ran it that all the ports and so forth were secure, and that the ping was where my only vulnerability was.... ARE YOU TELLING ME THAT THIS IS NOW NOT THE CASE?

Sebastian Powell (telattract) said :
#7

Yeah, I am sorry, but opening up that link just made me even more confused. I guess going back to the old methodology I was trying... with the ping modification, I do not understand what to type into the terminal because I do not see A) where this

/etc/sysctl.conf

is going, and once I know that, if it is

B) separate from this net.ipv4.icmp_echo_ignore_all = 1, and where do I type this one?

Sebastian Powell (telattract) said :
#8

I need help understanding what to do here

mycae (mycae) said :
#9

Ping is not a vulnerability. It is a standard mechanism of determining if a host is present. The idea is if you don't respond to ping, then no-one can "see" you. This is a bit silly, as you can just connect to other services that the computer offers. This is demonstrable:

Eg.

Open a terminal and type

sudo apt-get install telnet

Now type

telnet smtp.live.com 587

This will connect you to Windows Live's mail service.

Yet if you ping it

ping smtp.live.com

you can't see it.

There is no security offered by ping, if you know how to make the host talk to you anyway. The only thing that ping tells you is if a computer is up or down, which you can work out, if (and only if) you can connect to any other services.

mycae (mycae) said :
#10

Personally, I would not worry so much about network vulnerabilities under Linux, unless you start hosting services (mail, SSH etc). Your most likely problems will come from

* Downloading scripts or external code from the internet and running them
* Running random commands on your computer when you don't know what they do (the irony :) )
* Misconfiguring any kind of server software.

Emre AYTAÇ (eaytac) said :
#11

Please press Alt + F2; you will then see the Run Application window. Then type

gksu gedit /etc/sysctl.conf

Type your user password, and you will see sysctl.conf open in an editor. At the end of the file, please add the following line and save the file.

net.ipv4.icmp_echo_ignore_all = 1

After rebooting your computer, ping requests are denied.

Your other question, before the last one:
Disabling ping requests is not the solution many times, but if you are behind a modem (for example ADSL), the other ports are closed. So you can disable ping and this may be enough for you. If you want to configure the Ubuntu firewall easily, you can use the gufw program. The following links may help you.

https://help.ubuntu.com/community/Gufw
http://gufw.tuxfamily.org/

Hope this helps...
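
The edit to /etc/sysctl.conf described in this answer, as an added shell example that is not part of the original thread: it reports the value a sysctl.conf-style file currently gives net.ipv4.icmp_echo_ignore_all and sets it to 1 without leaving duplicate or conflicting lines. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: persist net.ipv4.icmp_echo_ignore_all=1 idempotently.
KEY="net.ipv4.icmp_echo_ignore_all"

# Print the value a sysctl.conf-style file gives KEY, or "unset".
# Comment lines (# or ;) are skipped; the last assignment wins.
effective_value() {
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        {
            line = $0
            gsub(/[ \t]/, "", line)
            n = index(line, "=")
            if (n && substr(line, 1, n - 1) == key) val = substr(line, n + 1)
        }
        END { if (val != "") print val; else print "unset" }
    ' "$1"
}

# Make the file set KEY to 1: drop earlier assignments of KEY, keep all
# other lines, append one clean line. Does nothing if already in effect.
ensure_ignore_ping() {
    conf="$1"
    if [ "$(effective_value "$conf")" = "1" ]; then return 0; fi
    tmp="$(mktemp)" || return 1
    awk -v key="$KEY" '
        { line = $0; gsub(/[ \t]/, "", line) }
        index(line, key "=") == 1 { next }
        { print }
    ' "$conf" > "$tmp" || return 1
    printf '%s = 1\n' "$KEY" >> "$tmp"
    # cat (not mv) keeps the owner and mode of the original file.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Demo on a constructed file; prints "0 -> 1".
demo() {
    f="$(mktemp)" || return 1
    printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward=0' \
        'net.ipv4.icmp_echo_ignore_all = 0' > "$f"
    before="$(effective_value "$f")"
    ensure_ignore_ping "$f" || return 1
    echo "$before -> $(effective_value "$f")"
    rm -f "$f"
}
demo
```

On a real system, run `ensure_ignore_ping /etc/sysctl.conf` as root, then `sysctl -p` to load the file without a reboot.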

Sebastian Powell (telattract) said :
#12

Thanks Emre AYTAÇ, that solved my question.

Sebastian Powell (telattract) said :
#13

Thanks, I just tested again and passed!!! : ^ }