[sf-lug] [Cool little check]

Michael Paoli Michael.Paoli at cal.berkeley.edu
Sun Sep 2 21:59:41 PDT 2018


RFC-1122:
"
             Every host MUST implement an ICMP Echo server function that
             receives Echo Requests and sends corresponding Echo Replies.
"

Standards matter - it's what makes the Internet work (among other things).
Now, you can play a bit loosey goosey ... but then all bets are off.

But - if one follows the standards, it's mandatory to reply.

So, yeah, disabling "ping" (responding to ICMP echo request with
ICMP echo reply) - not generally a good idea.
That however doesn't mean lots o' folks implement "not a good ideas"
on The Internet.

Some do better at generally following standards.
E.g. Google - yes, can ping Google on The Internet.
Many silly sites disable that.
Oh, and if you want to be more stealthy ... blocking ping (ICMP
echo request/reply) only hides a tiny part of layer 3,
if you want to hide layer 2 and be more stealthy,
try disabling ARP queries and replies ... good luck with that.  ;->
Heck, why not block all layer 2 packets - just drop 'em on the floor ...
ultimate stealth.  Have fun!  Whee!!!  ;->

> From: maestro <maestro415 at gmail.com>
> Subject: [sf-lug] [Cool little check]
> Date: Sat, 1 Sep 2018 00:14:06 -0700

> Saw this done by a Devuan [Systemd free Debian distro] user...
> A lot of you probably know how to do this already but for those that
> don't:
> [Copied directly from them I left as they wrote it]
>
> To avoid pinging: go to:
>
> # nano /etc/ufw/before.rules
> And leave this section looking like this:
>
> # ok icmp codes
> -A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
> -A ufw-before-input -p icmp --icmp-type source-quench -j DROP
> -A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
> -A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
> -A ufw-before-input -p icmp --icmp-type echo-request -j DROP
> Next, go to www.grc.com and click on ShieldsUp, next screen scroll down to
> Hot Spots, and click on ShieldsUp again, next screen click on Proceed, next
> screen click on All Service Ports and let it check the ports, gives an ok
> result, the ports are neon green, and gives you this verdict:
>
>
> I didn't paste the verdict but it should say your system has achieved a
> perfect "TruStealth" rating
>
>
> 'maestro'
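An added example, not from either message above: a small audit of the quoted before.rules fragment that reports which ICMP types a host would silently drop and why that matters (echo-request is the RFC 1122 MUST discussed above; destination-unreachable carries the "fragmentation needed" message that path MTU discovery depends on). The sample rules are constructed inline from the thread; the script does not touch the live file.

```python
import re

# Constructed sample mirroring the before.rules fragment quoted in the thread.
SAMPLE_RULES = """\
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
"""

# What breaks when a host drops each ICMP type (RFC 1122, RFC 1191, RFC 6633).
CONSEQUENCES = {
    "echo-request": "violates RFC 1122 MUST (no Echo Reply); ping fails",
    "destination-unreachable": "loses 'fragmentation needed' (type 3, code 4); "
                               "path MTU discovery breaks",
    "time-exceeded": "TTL-expiry signals lost; traceroute to this host degrades",
    "parameter-problem": "malformed-header diagnostics lost",
    "source-quench": "deprecated type (RFC 6633); dropping it is harmless",
}

# Matches the iptables-restore style lines ufw uses in before.rules.
RULE_RE = re.compile(r"-A\s+(\S+)\s+-p\s+icmp\s+--icmp-type\s+(\S+)\s+-j\s+(\S+)")

def audit_icmp_rules(text):
    """Return one finding per ICMP rule whose target is DROP."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # comments and blank lines
        m = RULE_RE.match(line)
        if not m:
            continue                      # not an ICMP-type rule
        chain, icmp_type, target = m.groups()
        if target.upper() == "DROP":
            findings.append({"chain": chain, "type": icmp_type,
                             "consequence": CONSEQUENCES.get(icmp_type, "unknown type")})
    return findings

if __name__ == "__main__":
    for f in audit_icmp_rules(SAMPLE_RULES):
        print(f"{f['chain']}: dropping {f['type']} -> {f['consequence']}")
```

Running it against the real file is `audit_icmp_rules(open("/etc/ufw/before.rules").read())`; ufw's stock file accepts these types, so an empty result means the defaults are untouched.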