Millions of packets cross the Internet every day, and along the way that traffic is exposed to a wide range of threats. One practice we can implement is blocking ICMP messages, since this avoids IP flooding on the server and denial-of-service attacks, which would significantly affect the performance of system processes.
Recall that, in order to exchange status data or error messages correctly, nodes rely on the Internet Control Message Protocol (ICMP), which was developed to report incidents in the delivery of packets or errors in the network.
There are several ways to block these ICMP messages, and today at TechnoWikis we will look at some of these options.
1. Block Ping with IPTABLES on Linux
IPTABLES is an integrated firewall tool that lets us create rules for its packet filtering and NAT modules, thereby implementing system security.
Step 1
In this example we will use Ubuntu 17. We open the terminal and first log in as the root user by executing the following command:
sudo -i
Step 2
Once we are the root user, we add the following IPTABLES rule:
iptables -A INPUT --proto icmp -j DROP
Step 3
We can see the rule created by executing the following:
iptables -L -n -v
Step 4
We can ping a website to check whether there is a response. Remember that the ping command lets us check the availability of a website by sending a series of packets and receiving responses to them. In this case we can see that several minutes have passed and no response is obtained.
2. Block Ping with variables in the Linux Kernel
Another option on Linux for blocking ICMP messages is to set certain variables in the system kernel, which then takes care of dropping all ping packets.
Step 1
To use this method we must first execute the following command:
sysctl -p
Step 2
Then we execute the following line:
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
Step 3
Then, we will add the following line to the /etc/sysctl.conf file:
echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
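Step 3 appends with ">>", so running it again duplicates the line, and a later conflicting assignment in the same file silently wins. The script below is an added example, not part of the original article: it reads the effective value and rewrites the key idempotently. The function names are hypothetical, and the demo works on a constructed temporary file rather than /etc/sysctl.conf.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
KEY=net.ipv4.icmp_echo_ignore_all

# Print the value sysctl would end up applying for key $1 from file $2.
# Comment lines (# or ;) are skipped; lines are applied in order, so the
# last assignment wins. Prints nothing if the key is not set.
effective_value() {
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2
          gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) last = v }
        END { if (last != "") print last }' "$2"
}

# Set key $1 to value $2 in file $3, leaving exactly one active assignment.
# The first existing assignment is rewritten, later duplicates or conflicting
# values are dropped, and comments and other keys are kept as they are.
persist_setting() {
    [ -f "$3" ] || : > "$3"
    tmp=$(mktemp) || return 1
    awk -F= -v key="$1" -v val="$2" '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { if (!done) { print key " = " val; done = 1 }
                   next }
        { print }
        END { if (!done) print key " = " val }' "$3" > "$tmp" &&
        cat "$tmp" > "$3"   # overwrite in place so owner and mode are kept
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed sample file standing in for /etc/sysctl.conf.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' "$KEY = 1" \
        'net.ipv4.ip_forward = 0' "$KEY = 0" > "$f"
    echo "before: $KEY = $(effective_value "$KEY" "$f")"
    persist_setting "$KEY" 1 "$f"
    echo "after:  $KEY = $(effective_value "$KEY" "$f")"
    rm -f "$f"
}
demo
```

To use it on the real file, call `persist_setting "$KEY" 1 /etc/sysctl.conf` as root and then run `sysctl -p`.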
3. Block Ping with UFW on Linux
UFW is a modern firewall that can be used on Debian, CentOS and Ubuntu, and it lets us create and manage various rules focused on system security.
Step 1
If we use UFW, we must open the following file, /etc/ufw/before.rules, with the desired editor:
sudo nano /etc/ufw/before.rules
Step 2
There, we will locate the "ok icmp codes for INPUT" section and add the following line:
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
Step 3
We save the changes using the following key combination:
Ctrl + O
We leave the editor using:
Ctrl + X
Step 4
We will execute the following line to restart the firewall and apply the changes:
ufw disable && ufw enable
Step 5
If we are using CentOS 7 or RedHat we must execute the following lines to add the rule:
firewall-cmd --zone=public --add-icmp-block={echo-request,echo-reply,timestamp-reply,timestamp-request} --permanent
firewall-cmd --reload
In this way we have blocked the use of ICMP, which prevents multiple attackers from being able to access our network and use network addressing to affect the local network and the stability of the system.