Block all ICMP traffic to improve security

Sam Witters
Joined: 11/01/2021

Hi. How do I block all inbound and outbound ICMP traffic?

Sam Witters
Joined: 11/01/2021

I have finally found the solution:
Edit /etc/sysctl.conf.
Add this line at the bottom of the file:
net.ipv4.icmp_echo_ignore_all = 1
Run:
sudo sysctl -p

Lef
Joined: 11/20/2021

Curious, why?

Sam Witters
Joined: 11/01/2021

To improve security.

lanun
Joined: 04/01/2021

When smurfs attack:

https://www.sciencedirect.com/topics/computer-science/smurf-attack

"The recommended guidance is to prevent broadcast addresses from being expanded, at least from packets on the Internet."

"Blocking ICMP doesn’t help: A variant, fraggle, uses UDP packets in a similar fashion to flood hosts."

andyprough
Joined: 02/12/2015

Worse than smurfs. Far worse. Fraggles.

[Image: Fraggle-Rock-The-Jim-Henson-Co-150.jpg]

lanun
Joined: 04/01/2021

True. And we all know who is ultimately behind all these DDoS attacks.

[Image: ufonet-logo.png]
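
Added example (not written by any poster in this thread): a shell check of what a sysctl.conf-style file actually pins for the two IPv4 echo keys, net.ipv4.icmp_echo_ignore_all (the kernel ignores echo requests addressed to it; other ICMP types and outbound ICMP are not filtered by this setting) and net.ipv4.icmp_echo_ignore_broadcasts (echo requests sent to broadcast addresses, the smurf case quoted above). The function names and the sample file content are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective ICMP echo settings in a sysctl.conf-style
# file. Function names and sample content are constructed for illustration.

# Print the last value assigned to key $2 in file $1. Later lines win, as they
# do when "sysctl -p" applies the file top to bottom. Prints nothing if unset.
sysctl_conf_get() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }           # comment lines start with # or ;
        index($0, "=") == 0 { next }     # not an assignment
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Summarise both echo keys; returns 0 only if the file itself sets both to 1.
audit_icmp_echo() {
    rc=0
    for key in net.ipv4.icmp_echo_ignore_all net.ipv4.icmp_echo_ignore_broadcasts; do
        val=$(sysctl_conf_get "$1" "$key")
        case "$val" in
            1)  echo "$key = 1 (echo requests ignored)" ;;
            "") echo "$key not set in file (kernel default applies)"; rc=1 ;;
            *)  echo "$key = $val (echo requests answered)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: an early 0 overridden later, and a commented-out key.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from the thread
net.ipv4.icmp_echo_ignore_all=0
  net.ipv4.icmp_echo_ignore_all = 1
; net.ipv4.icmp_echo_ignore_broadcasts = 1
EOF
audit_icmp_echo "$sample" || echo "file does not pin both keys to 1"
rm -f "$sample"
```

To audit a real host, pass /etc/sysctl.conf as the argument, and compare with the running values shown by `sysctl net.ipv4.icmp_echo_ignore_all net.ipv4.icmp_echo_ignore_broadcasts`.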