Every admin and Unix user knows the command ping. It is a very useful tool for
checking network availability, but it also makes it easy for bad guys to find targets.
So, what can you do if you are on a Unix server and want to stop it from answering pings?
The easiest way is to execute the following command as root on the command line:
sysctl -w net.ipv4.icmp_echo_ignore_all=1
To enable ping answers again, just set the value back to 0:
sysctl -w net.ipv4.icmp_echo_ignore_all=0
What if you are worried about ping flood attacks?
Then you can limit the rate at which the host answers ping requests:
sysctl -w net.ipv4.icmp_echoreply_rate=10
With this option ping stays enabled while your host is protected from overloading.
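
As an added example (not part of the original page), the following read-only shell function reports which of the settings above are in effect. It goes beyond the page in one respect: on kernels that do not expose net.ipv4.icmp_echoreply_rate it falls back to net.ipv4.icmp_ratelimit and net.ipv4.icmp_ratemask, where bit 0 of the mask covers echo replies. The function names, the output format and the optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only audit of the ICMP echo settings discussed above.
# The root argument is an assumption of this example so the check can run
# against a copy of the tree; a live host uses /proc/sys.

# Print the value of a dotted sysctl key, or "absent" if the kernel lacks it.
sysctl_get() {
    _path="$1/$(printf '%s' "$2" | tr . /)"
    if [ -r "$_path" ]; then cat "$_path"; else echo absent; fi
}

# Print "ipv4_echo=<state> reply_limit=<state>".
# Exit status 0: ping is ignored or a reply rate limit key applies; 1 otherwise.
icmp_echo_audit() {
    root=${1:-/proc/sys}
    ignore=$(sysctl_get "$root" net.ipv4.icmp_echo_ignore_all)
    case $ignore in
        1) echo_state=ignored ;;
        0) echo_state=answered ;;
        *) echo_state=unknown ;;
    esac

    # The page's key first; kernels without it use icmp_ratelimit plus
    # icmp_ratemask, where bit 0 of the mask selects echo replies (ICMP type 0).
    old=$(sysctl_get "$root" net.ipv4.icmp_echoreply_rate)
    rl=$(sysctl_get "$root" net.ipv4.icmp_ratelimit)
    mask=$(sysctl_get "$root" net.ipv4.icmp_ratemask)
    if [ "$old" != absent ]; then
        limit="echoreply_rate:$old"
    elif [ "$rl" = absent ] || [ "$mask" = absent ]; then
        limit=unknown
    elif [ "$rl" -gt 0 ] && [ $((mask & 1)) -eq 1 ]; then
        limit="ratelimit:$rl"
    else
        limit=none
    fi

    echo "ipv4_echo=$echo_state reply_limit=$limit"
    [ "$echo_state" = ignored ] || case $limit in none|unknown) return 1 ;; esac
}

# Report on the running kernel; the audit never writes any setting.
icmp_echo_audit /proc/sys || true
```

A reply_limit of none or unknown together with ipv4_echo=answered means the rate-limit command above did not take effect on this kernel.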