You may want to disable ping replies for many reasons, may be for a security reason, or to avoid network congestion.
Someone can flood the network with ping -f as shown in “Ping Example 5” in our earlier Ping Tutorial article. If ping reply is disabled we can avoid this flooding.
Disable ping reply Temporarily
You can temporarily disable the ping reply using the following method.
# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
Please note that this setting will be erased after the reboot. To disable ping reply permanently (even after the reboot), follow the step mentioned below.
Also, to enable the ping reply back, set the value to “0” as shown below.
# echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
Disable ping reply Permanently
You can permanently disable the ping reply using the following method.
Step 1: Edit the sysctl.conf file and add the following line.
net.ipv4.icmp_echo_ignore_all = 1
Step 2: Execute sysctl -p to enforce this setting immediately.
# sysctl -p
The above command loads the sysctl settings from the sysctl.conf file.
After the ping reply is disabled using one of the above method, when somebody tries to ping your machine they will end up waiting without getting a ping reply packet even when the machine is up and running.
Comments on this entry are closed.
Disabling ping replies will violate the RFC standards (all machines must reply). IMHO better than block, is limit replies by iptables…
Will nmap still detect my computer?
it will kill IPv6, that dont use ARP