Michael Soulier wrote:
>
> On Sun, 10 Sep 2000, ktb wrote:
>
> > From: http://www.linuxgazette.com/issue55/stoddard.html
> >
> > Before you save and close the /etc/rc.d/rc.local file, we want to keep
> > the system from responding to ICMP requests, such as ping
> > and traceroute, so we add the following lines right after the #!/bin/sh
> > line:
> >
> > echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
> > echo 1 > /proc/sys/net/ipv4/tcp_syncookies
>
> Well, there is no such animal on my system. Debian doesn't use an
> rc.local file, does it?
> However, looks like this is being done already:
<snip>

No, Debian doesn't use rc.local; here is a link describing how Debian
sets things up --
http://www.debian.org/doc/FAQ/ch-customizing.html#s-custombootsscripts

First off, from the command line execute the command --

    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

You should not be able to ping 127.0.0.1 or your machine's IP.
If you want to turn ping back on, execute --

    echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

You can do this without rebooting. When you turn off ping in this way,
when you reboot it will be lost. Ping will work again. Hence the need
to put it in a boot script if you want to make it permanent. If you
have trouble with the boot script let me know. I'm not a whiz at it but
I could cobble something together :)

You asked something about shutting off your machine to respond to ping,
in your last message, as being a good start to securing your machine.
Not really, it is a step. Take a look at this free book --
http://pages.infinit.net/lotus1/opendocs/book.htm
It is Redhat specific but there is some good info there. At least it
will give you an idea of some of the steps you need to take.

hth,
kent

________________________________________________________________
"Neurosis is the way of avoiding non-being by avoiding being."
- Paul Tillich, American theologian (1886-1965).
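
A boot script of the kind discussed in this thread, as an added example that is not part of either message: it reapplies the two /proc settings quoted above, reads each value back to confirm the write took effect, and turns ping back on at "stop". The script name netharden and the PROC_ROOT override are hypothetical, introduced only for illustration and testing.

```shell
#!/bin/sh
# Added example: init-style script that reapplies the two /proc settings at boot.
# PROC_ROOT is a hypothetical override so the logic can be exercised against a
# scratch directory; on a real system it stays /proc/sys/net/ipv4.
PROC_ROOT="${PROC_ROOT:-/proc/sys/net/ipv4}"

# set_knob NAME VALUE: write VALUE to the knob, then read it back to confirm.
set_knob() {
    knob="$PROC_ROOT/$1"
    if [ ! -w "$knob" ]; then
        echo "skip: $knob missing or not writable" >&2
        return 1
    fi
    echo "$2" > "$knob" || return 1
    [ "$(cat "$knob")" = "$2" ]
}

# apply_settings VALUE: 1 = ignore echo requests, 0 = answer them.
apply_settings() {
    rc=0
    set_knob icmp_echo_ignore_all "$1" || rc=1
    # tcp_syncookies is absent when the kernel was built without CONFIG_SYN_COOKIES
    set_knob tcp_syncookies 1 || rc=1
    return $rc
}

# netharden ACTION: dispatcher for the usual init-script verbs.
netharden() {
    case "$1" in
        start|restart|force-reload) apply_settings 1 ;;
        stop)   set_knob icmp_echo_ignore_all 0 ;;
        status) for k in icmp_echo_ignore_all tcp_syncookies; do
                    echo "$k = $(cat "$PROC_ROOT/$k" 2>/dev/null || echo n/a)"
                done ;;
        *) echo "Usage: netharden {start|stop|restart|status}" >&2; return 2 ;;
    esac
}

# Act only when called with an argument (as init does), not when sourced.
if [ $# -gt 0 ]; then
    netharden "$1"
fi
```

Installed under /etc/init.d and linked into the runlevel directories with update-rc.d, it reapplies both settings on every boot; a non-zero exit from "start" means at least one value did not stick.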