[转]Disable ping response

What is a ping:

Usually a ping is used to check if a machine is up and to check the network status.

It is a small network packet sent to the machine. If the machine is up, an answer will be sent. The time needed to get the answer is called ping time or round-trip time.

The ping response from an IP indicates the machine is up.

Unfortunately this can be used to quickly scan an IP-range for reachable hosts.

This can be used to find potential hackable machines. If your machine doesn’t answer to pings, your chance to be seen is reduced. (That doesn’t mean your machine is more secure, the machine is just not that easy to be seen from the internet. Nothing more.)

How do I disable the ping response?

Add the following line to your init script for the network (the name depends on the distribution you use):

echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all

This disables ping responses. To reenable, use the following command:

echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all

To make this permanent set the following into /etc/sysctl.conf (if you have such a file)

net.ipv4.conf.icmp_echo_ignore_all = 1