-2

Preventing Ping Response for Linux on LAN

I read that Windows automatically blocks ping requests used to find the OS on a LAN, for security reasons. If you were to do a ping scan with Nmap, any recent (updated) Windows machine won't show up.

Why does Windows do this automatically and not Linux?

How can I prevent ping attacks on my Debian Linux Machine?

TazerFace
  • 5
    Like [this](http://www.linuxhowtos.org/Security/disable_ping.htm). (It took me roughly 15 seconds to google this.) – Tom K. Jan 22 '18 at 16:26
  • But why does Windows automatically do it, and not Linux? – TazerFace Jan 22 '18 at 16:41
  • 3
    Because commands that are associated with [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) can be quite useful for hackers (e.g. for checking devices on a network) but also for admins (e.g. for checking devices on a network). Blocking them from the beginning might be kind of annoying for admins, because they can block ICMP requests themselves later on, after they are done using them. This is a pretty good illustration of the different mindsets of Windows and Linux developers. Linux will give you the opportunity to customize your system, Windows will do it for you. – Tom K. Jan 22 '18 at 16:51
  • @TomK. No matter how many issues I come across with Linux, it never compares to Windows as far as accessibility goes. – TazerFace Jan 22 '18 at 16:59
  • 1
    Your previous question title was much, **much** better than this one. "Ping of Death" is not dangerous for a Windows system anymore, let alone Linux. Dropping ICMP Echo requests is not enough to mitigate ping flood. There's no such category as "ping attacks". – ximaera Jan 22 '18 at 17:06
  • On a LAN, hosts are often discovered more effectively with an ARP scan. Also see https://security.stackexchange.com/a/4442/90657 – multithr3at3d Jan 22 '18 at 23:09

1 Answer

3

Why Ping is so important:

The main reason why Windows takes extra precautions with Ping is because of many issues related to ping in the past. Some of them include Ping of Death and Ping Flooding, which use ICMP Echo Request (ping) packets.

I'll provide some links to the most common forms of threats related to ping so you can have a better understanding of why Windows blocks certain protocols and why you may want to set up your Linux environment to do the same (by the way, there are many pieces of documentation on doing this exact thing).

Common Ping Exploits:

Ping of Death

Ping Flooding

Twinge Attack

Smurf DoS Attack

Setting Up Linux Environment:

This step won't make you immune to these exploits; it will just make it harder for someone to locate your device on a Local Area Network.

Here is the most common way to disable ICMP echo (ping) responses in Linux:

Add the following line to your init script for the network (the name depends on the distribution you use):

echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all

This disables ping responses.

To re-enable, use the following command:

echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all

To make this permanent, set the following in /etc/sysctl.conf (if you have such a file):

net.ipv4.icmp_echo_ignore_all = 1

You can read more into the steps with this site which is the first site you should come across when googling "Disable Ping in Linux". But hopefully this helps you understand why Windows does this automatically.

ximaera
WatchDog
  • 1
    Ping flood attack isn't something from the past, it still happens. And neither in the past nor nowadays can you mitigate that with `icmp_echo_ignore_all` on a network endpoint. – ximaera Jan 22 '18 at 17:08
  • I'm fully aware of that @ximaera. Different exploits call for different procedures, but I did describe how to make it harder for a Network Admin or an Intruder to locate said device with a ping scan, which is what the title asked for at one point. – WatchDog Jan 22 '18 at 17:15
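
An added example, not part of the answer or the comments above: a POSIX shell audit that reports whether a sysctl.conf-style file really persists `net.ipv4.icmp_echo_ignore_all`, lists look-alike keys that have no matching entry under /proc/sys, and reads the live value. The function names and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the ICMP echo setting discussed above.
KEY="net.ipv4.icmp_echo_ignore_all"

# Constructed sample input (not taken from a real host).
sample_conf() {
    cat <<'EOF'
# constructed sysctl.conf fragment
net.ipv4.conf.icmp_echo_ignore_all = 1
net/ipv4/icmp_echo_ignore_all=1
EOF
}

# Report what a sysctl.conf-style file (argument or stdin) persists for KEY.
# Keys that merely end in icmp_echo_ignore_all are listed as unknown, because
# sysctl cannot apply a name that has no matching entry under /proc/sys.
audit_echo_conf() {
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ || !/=/ { next }         # comments and blank lines
        {
            split($0, kv, "=")
            name = kv[1]; val = kv[2]
            gsub(/[ \t\r]/, "", name); gsub(/[ \t\r]/, "", val)
            sub(/^-/, "", name)                # "-key" means: ignore errors
            gsub("/", ".", name)               # slash form is also accepted
            if (name == key) { state = (val == "1") ? "enabled" : "disabled" }
            else if (name ~ /icmp_echo_ignore_all$/) { bad = bad " " name }
        }
        END {
            print "persistent: " (state ? state : "unset")
            if (bad) print "unknown-key:" bad
        }' "$@"
}

# Read the live value; the optional path argument exists only for testing.
runtime_echo_state() {
    f="${1:-/proc/sys/net/ipv4/icmp_echo_ignore_all}"
    [ -r "$f" ] || { echo "unknown"; return 0; }
    case "$(cat "$f")" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

sample_conf | audit_echo_conf
echo "runtime: $(runtime_echo_state)"
```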