[olug] RH9 firewall security question

Vincent.Raffensberger at dtn.com
Sun Feb 1 00:28:39 UTC 2004


By blocking or disabling ping responses from your system you will see 
substantially fewer port scans and probes.  It's probably worth the 
inconvenience it may sometimes cause.
You can do it in the kernel or via iptables.

To disable icmp responses via the kernel add this to /etc/sysctl.conf:
net.ipv4.icmp_echo_ignore_all = 1

You could additionally add these:
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_redirects = 0

An iptables rule to drop icmp for your external interface only would look 
like this:
iptables -A INPUT -i eth0 -p icmp -j DROP


Francis Geiger <hmcsret at cox.net>
Sent by: olug-bounces at olug.org
01/31/2004 05:04 PM
Please respond to: Omaha Linux User Group <olug at olug.org>
To: Omaha linux user group email <olug at olug.org>
Subject: [olug] RH9 firewall security question

I have been reading about Linux security issues in Linux Journal. I have
my RH9 firewall set at high.  I used the grc.com web site to check my
firewall and it reported my ports as closed or in stealth mode. The web
site did say: TruStealth: Not all tested ports were stealth. No
unsolicited packets were received. A ping reply (ICMP Echo) was received.
Should I be concerned about the ping reply?  If so, what can I do about
it?  I have been looking at the documentation and I am getting very
confused.  Thanks in advance for any help.  Grant
-- 
Francis Geiger <hmcsret at cox.net>

_______________________________________________
OLUG mailing list
OLUG at olug.org
http://lists.olug.org/mailman/listinfo/olug
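The settings in Vincent's reply can be turned into a small check-and-render script, so you can see whether a box already ignores echo requests before editing anything, and print the sysctl.conf lines and iptables rule in one place. This is an added example, not code from the thread. It assumes the standard /proc/sys layout (the root directory is a parameter only so the audit can be exercised against a constructed directory tree). Note that the iptables rule it emits is narrower than the one in the reply: it drops only echo-request, because `-p icmp -j DROP` also discards destination-unreachable and fragmentation-needed messages and so breaks path MTU discovery for the firewall itself.

```shell
#!/bin/sh
# Audit and render the ICMP hardening settings from the thread.
# Added example, not from the original post. ROOT is normally /proc/sys;
# it is a parameter so the audit can run against a constructed tree.

# "key expected" pairs, exactly the sysctl keys named in the reply.
ICMP_SETTINGS="net.ipv4.icmp_echo_ignore_all 1
net.ipv4.icmp_ignore_bogus_error_responses 1
net.ipv4.icmp_echo_ignore_broadcasts 1
net.ipv4.conf.all.accept_redirects 0"

# sysctl_path ROOT KEY -> file holding the live value
# (net.ipv4.icmp_echo_ignore_all -> ROOT/net/ipv4/icmp_echo_ignore_all)
sysctl_path() {
    printf '%s/%s\n' "$1" "$(printf '%s' "$2" | tr . /)"
}

# check_setting ROOT KEY EXPECTED -> 0 if live value matches, 1 if wrong,
# 2 if the key does not exist on this kernel.
check_setting() {
    f=$(sysctl_path "$1" "$2")
    [ -r "$f" ] || { echo "MISSING $2"; return 2; }
    v=$(cat "$f")
    if [ "$v" = "$3" ]; then
        echo "OK      $2 = $v"
    else
        echo "WRONG   $2 = $v (want $3)"
        return 1
    fi
}

# audit ROOT -> exit status is the number of wrong or missing settings,
# so 0 means every setting from the reply is already in effect.
audit() {
    bad=0
    while read -r key want; do
        [ -n "$key" ] || continue
        check_setting "$1" "$key" "$want" || bad=$((bad + 1))
    done <<EOF
$ICMP_SETTINGS
EOF
    return "$bad"
}

# render_sysctl_fragment -> lines to append to /etc/sysctl.conf
# (load them afterwards with: sysctl -p)
render_sysctl_fragment() {
    while read -r key want; do
        [ -n "$key" ] || continue
        printf '%s = %s\n' "$key" "$want"
    done <<EOF
$ICMP_SETTINGS
EOF
}

# render_iptables_rule IFACE -> rule dropping only echo-request on IFACE.
# Narrower than "-p icmp -j DROP" so fragmentation-needed and other
# ICMP errors still reach the host (path MTU discovery keeps working).
render_iptables_rule() {
    printf 'iptables -A INPUT -i %s -p icmp --icmp-type echo-request -j DROP\n' "$1"
}

# Usage: ./icmp_hardening.sh audit [ROOT]  |  ./icmp_hardening.sh render [IFACE]
case "${1:-}" in
    audit)  audit "${2:-/proc/sys}" ;;
    render) render_sysctl_fragment; render_iptables_rule "${2:-eth0}" ;;
esac
```

Run `sh icmp_hardening.sh audit` on the firewall to see which of the four settings are already in place; `sh icmp_hardening.sh render eth0` prints the sysctl.conf fragment and the single-type iptables rule for the external interface. After a ping-response change, re-running the grc.com probe from outside is the quickest confirmation that the echo reply is gone.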