Ping commands are very useful, but would-be attackers often use them to identify systems. To prevent that, we show you how to get your system to ignore these requests.

Credit: Sandra Henry-Stocker/IDG

The ping command sends one or more requests to a system asking for a response. It’s typically used to check that a system is up and running, verify an IP address, or prove that the sending system can reach the remote one (i.e., verify the route).

The ping command is also one that network intruders often use as a first step in identifying systems on a network that they might next want to attack. In this post, we’re going to take a quick look at how ping works and then examine options for configuring systems to ignore these requests.

How ping works

The name “ping” came about because the ping command works in a way that is similar to sonar echo-location, which used sound propagation for navigation. The sound pulses were called “pings.”

The ping command on Unix and other systems sends an ICMP ECHO_REQUEST to a specified computer, which is then expected to send an ECHO_REPLY. The requests and replies are very small packets. On many systems, the default is to send four such packets and display the result of each request and each reply with a summary at the end. Others continue sending pings until the person issuing the command enters control-C to stop the process.

    $ ping 192.168.0.22
    PING 192.168.0.22 (192.168.0.22) 56(84) bytes of data.
    64 bytes from 192.168.0.22: icmp_seq=2 ttl=128 time=2.52 ms
    64 bytes from 192.168.0.22: icmp_seq=3 ttl=128 time=1.89 ms
    64 bytes from 192.168.0.22: icmp_seq=4 ttl=128 time=2.58 ms
    64 bytes from 192.168.0.22: icmp_seq=5 ttl=128 time=2.42 ms
    64 bytes from 192.168.0.22: icmp_seq=6 ttl=128 time=9.29 ms
    64 bytes from 192.168.0.22: icmp_seq=7 ttl=128 time=3.07 ms
    64 bytes from 192.168.0.22: icmp_seq=8 ttl=128 time=1.88 ms
    64 bytes from 192.168.0.22: icmp_seq=9 ttl=128 time=5.34 ms
    ^C
    --- 192.168.0.22 ping statistics ---
    9 packets transmitted, 8 received, 11% packet loss, time 8018ms
    rtt min/avg/max/mdev = 1.884/3.628/9.295/2.376 ms

The ping command also provides some insight into how well the network is performing. In the example above, you can see that 11 percent of the requests (one of the nine sent) failed to receive a response. It also provides some timing statistics that provide an indication of the route speed and quality.

You can also specify the number of packets you want the ping command to send using the -c option.

    $ ping -c 1 192.168.0.22
    PING 192.168.0.22 (192.168.0.22) 56(84) bytes of data.
    64 bytes from 192.168.0.22: icmp_seq=1 ttl=128 time=3.83 ms
    --- 192.168.0.22 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 3.834/3.834/3.834/0.000 ms

Ignoring ping requests

To get a system to ignore ping requests, you could make use of sysctl — a tool for examining and changing kernel parameters at run time. This command changes the default value for the kernel setting that controls whether systems respond to pings:

    $ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1

A person sending ping requests would then see something like this:

    ping 192.168.0.23
    Pinging 192.168.0.23 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Ping statistics for 192.168.0.23:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

This setting can be put back to its original value using the same command, but with 0 instead of 1.

    $ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=0
    net.ipv4.icmp_echo_ignore_all = 0

You can also make the same change this way, as root:

    # echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

It’s important to note that this change (using either of the two commands shown) affects the system immediately, but it doesn’t survive a reboot. You can also make the change by adding these lines to your /etc/sysctl.conf file:

    # ignore ping requests
    net.ipv4.icmp_echo_ignore_all = 1

And then run this command so that the change takes effect without rebooting:

    $ sudo sysctl -p

Verify that the changes take effect when your system reboots, or you may have to run the sysctl -p command after booting the system or as part of the booting process.

Suppressing pings using iptables

If you use iptables to control connections on your system, a firewall command like this should block ping requests.

    # iptables -I INPUT -p icmp --icmp-type 8 -j DROP

If you use iptables, it’s a good idea to also install iptables-persistent to help keep your iptables rules up to date. You can do that with this command:

    $ sudo apt-get install iptables-persistent

When you make changes to the rules, run the following commands so they survive system reboots.

    $ sudo netfilter-persistent save
    $ sudo netfilter-persistent reload

Cautions against ignoring ping requests

While giving your Linux systems a more stealthy posture may be helpful in making them less accessible to hackers, there are some reasons why you might not want to do this. The ping command might be used by network administration services and for network troubleshooting. Fortunately, it’s easy to turn ping responses back on should you need to, whether you use the sysctl setting or the firewall rules.
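
The sysctl setting can be live without being saved, or saved without being loaded, and the firewall rule is a separate control. The script below is an added example, not code from the original article, that reports which of those states a host is in; the function names and the --audit flag are hypothetical, it covers only the IPv4 settings shown above, and it assumes /etc/sysctl.conf is applied after the files in /etc/sysctl.d.

```shell
#!/bin/sh
# Added example: audit the "ignore ping" settings discussed in the article.
KEY_RE='net\.ipv4\.icmp_echo_ignore_all'

# persisted_value FILE...: print the last value assigned to the key in the
# given sysctl config files (commented-out lines are skipped), or nothing.
persisted_value() {
    cat "$@" 2>/dev/null |
        sed -n "s/^[[:space:]]*${KEY_RE}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" |
        tail -n 1
}

# classify RUNTIME PERSISTED: compare the live kernel value with the config.
classify() {
    case "$1:$2" in
        1:1) echo "ignored-persistent" ;;
        1:*) echo "ignored-until-reboot" ;;        # set with sysctl -w or echo only
        *:1) echo "answered-config-not-loaded" ;;  # needs sysctl -p or a reboot
        *)   echo "answered" ;;
    esac
}

# has_echo_drop: read `iptables -S` output on stdin; succeed if any INPUT rule
# drops ICMP echo requests (type 8). A rule narrowed by -s or -i also matches.
has_echo_drop() {
    grep -Eq -- '^-A INPUT .*-p icmp .*--icmp-type (8|echo-request)( .*)? -j DROP'
}

audit() {
    runtime=$(cat /proc/sys/net/ipv4/icmp_echo_ignore_all 2>/dev/null || echo unknown)
    # Assumption: /etc/sysctl.conf is applied after /etc/sysctl.d/*.conf.
    saved=$(persisted_value /etc/sysctl.d/*.conf /etc/sysctl.conf)
    echo "sysctl:   $(classify "$runtime" "$saved")"
    if iptables -S INPUT 2>/dev/null | has_echo_drop; then
        echo "iptables: echo-request DROP rule present"
    else
        echo "iptables: no echo-request DROP rule visible (run as root to be sure)"
    fi
}

# Run the audit only when asked, e.g.: sudo sh ping-audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit; fi
```

A result of ignored-until-reboot means the value was set with sysctl -w or echo but never written to a sysctl configuration file.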