Disabling ping on Linux

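        Today I scanned the hosts on my LAN with nmap and found several with a lot of dangerous ports open. Working with Linux, I know a little about this kind of security, so I then used nmap to scan my own host for exploitable ports. Every time, nmap successfully detected that my host was alive. nmap is powerful, and for a small personal host like mine there is nothing I can do to stop nmap from discovering it. But I can disable ping, so that less skilled people cannot find the host.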

        1. First, while ping is not disabled on Linux, you can ping your own host:

localhost:~$ ping 8.8.8.2
PING 8.8.8.1 (8.8.8.2) 56(84) bytes of data.
64 bytes from 8.8.8.2: icmp_seq=1 ttl=64 time=0.079 ms
64 bytes from 8.8.8.2: icmp_seq=2 ttl=64 time=0.080 ms

       

localhost:~$ sudo tcpdump -i any -nn icmp    # what tcpdump shows
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
11:27:43.651510 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8389, seq 68, length 64
11:27:43.651535 IP 8.8.8.2 > 8.8.8.2: ICMP echo reply, id 8389, seq 68, length 64
11:27:44.675532 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8389, seq 69, length 64
11:27:44.675557 IP 8.8.8.2 > 8.8.8.2: ICMP echo reply, id 8389, seq 69, length 64
11:27:45.703558 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8389, seq 70, length 64
11:27:45.703581 IP 8.8.8.2 > 8.8.8.2: ICMP echo reply, id 8389, seq 70, length 64
11:27:46.723521 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8389, seq 71, length 64
11:27:46.723552 IP 8.8.8.2 > 8.8.8.2: ICMP echo reply, id 8389, seq 71, length 64
11:27:47.747520 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8389, seq 72, length 64
11:27:47.747551 IP 8.8.8.2 > 8.8.8.2: ICMP echo reply, id 8389, seq 72, length 64
11:27:48.771511 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8389, seq 73, length 64
11:27:48.771538 IP 8.8.8.2 > 8.8.8.2: ICMP echo reply, id 8389, seq 73, length 64

 

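2. Once Linux is running, kernel parameters control whether the host responds to ICMP (ping uses the ICMP protocol for host discovery). These parameters are held in memory, and the /proc directory mirrors that in-memory state, so you can read /proc/sys/net/ipv4/icmp_echo_ignore_all to see whether the host currently ignores ICMP echo requests. 0 means ping is not disabled: when another host pings this one, it responds. 1 means ping is disabled: when another host pings this one, it does not respond.

localhost:~$ cat /proc/sys/net/ipv4/icmp_echo_ignore_all 
0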

       3. Next, edit /etc/sysctl.conf with root privileges and add one line:

localhost:$ sudo vi /etc/sysctl.conf
.......
......
net.ipv4.icmp_echo_ignore_all = 1     # add this line

:wq   # save and quit

localhost:~$ sudo sysctl -p          # run this command so the change takes effect
net.ipv4.icmp_echo_ignore_all = 1    # the setting from sysctl.conf that was applied

localhost:~$ cat /proc/sys/net/ipv4/icmp_echo_ignore_all     # check the setting again; replies to ping are now disabled
1

    4. Ping your own host again; it no longer replies to ping.

localhost:~$ ping 8.8.8.2
PING 8.8.8.2 (8.8.8.2) 56(84) bytes of data.
^C
--- 8.8.8.2 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2047ms

localhost:~$ sudo tcpdump -i any -nn icmp     # only requests are visible now, no replies
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
11:31:32.054412 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 1, length 64
11:31:33.059607 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 2, length 64
11:31:34.083520 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 3, length 64
11:31:35.107526 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 4, length 64
11:31:36.131524 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 5, length 64
11:31:37.155536 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 6, length 64
11:31:38.179573 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 7, length 64
11:31:39.203568 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 8, length 64
11:31:40.227618 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 9, length 64
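
The procedure above touches two places, the running value under /proc and the line in /etc/sysctl.conf, and they can disagree. The script below is an added example, not part of the original post, that reports which of the two is set; the function names and the four status words are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Compares the running value of
# icmp_echo_ignore_all with the value persisted in sysctl configuration.

# Print the last value assigned to net.ipv4.icmp_echo_ignore_all in the given
# config files (a later assignment overrides an earlier one); empty if unset.
persisted_value() {
    cat "$@" 2>/dev/null | awk -F= '
        /^[ \t]*[#;]/ || NF < 2 { next }     # skip comments and non-assignments
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            gsub(/\//, ".", key)             # sysctl also accepts net/ipv4/...
            sub(/^[ \t]+/, "", val)
            sub(/[ \t].*$/, "", val)         # keep the first token of the value
            if (key == "net.ipv4.icmp_echo_ignore_all") last = val
        }
        END { if (last != "") print last }
    '
}

# check_icmp_echo RUNTIME_FILE CONF_FILE...
# Prints one of: enforced, runtime-only, config-only, not-set
check_icmp_echo() {
    runtime_file=$1; shift
    running=$(cat "$runtime_file" 2>/dev/null | tr -d ' \t\n')
    persisted=$(persisted_value "$@")
    if [ "$running" = 1 ] && [ "$persisted" = 1 ]; then
        echo enforced        # echo requests ignored now and after a reboot
    elif [ "$running" = 1 ]; then
        echo runtime-only    # set in /proc only; the config line is missing
    elif [ "$persisted" = 1 ]; then
        echo config-only     # line is written but not loaded; run sysctl -p
    else
        echo not-set         # the host still answers echo requests
    fi
}

# Check this machine, using the two paths from the steps above.
check_icmp_echo /proc/sys/net/ipv4/icmp_echo_ignore_all /etc/sysctl.conf
```

To also cover drop-in files, pass them as extra arguments after /etc/sysctl.conf.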