Why and How to Turn Off Ping (ICMP) for Servers?

The ping command is popular and it is often used to tell if a server is online. You can ping a host by sending some small packages of data to the server, if the server is online and the ping service is enabled, it will send back some random data which marks the acknowledgements. The purpose is two fold: you can test the connection speed and you can be sure that the server is online.

Why you should turn off the Ping (ICMP)?

In a simple word: for security. The Ping is merely there for the aforementioned two purposes and it is not a vital service that you rely upon. Turning on increases the risks of being identified as a potential target by some IP scanners.

ping

Also, you should never expose your IP addresses in public. It is also better to use CloudFlare to hide your real IP addresses so in case of DDOS attacks, the CloudFlare adds another layer of security. If Your Ping is turned on and responds to the spam IP scans, your server may be identified as a target by IP address, which can’t be protected by CloudFlare.

How can you turn off the PING (ICMP)?

Run the following command as the root (or sudo):

1

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

To re-enable the PING, simply replace the above command ‘echo 1’ with ‘echo 0’. If you want to apply the changes permanently (e.g. after reboot), you then are required to add the following line after /etc/sysctl.conf.

1

net.ipv4.icmp_echo_ignore_all = 1

net.ipv4.icmp_echo_ignore_all = 1

Set the variable to 0 to re-enable the PING. To apply the changes immediately, run the command:

1

sysctl -p

sysctl -p

After the PING is disabled, the ping to your IP will simply show ‘Request timed out’. This is great as you don’t want attackers to know that your host is online.

Recommended Security Configurations for Linux Servers

• Turn off root Remote Access

–EOF (The Ultimate Computing & Technology Blog) —