linux 禁ping-白红宇

linux 禁ping

阅读量：4705 次

发布时间：2019-06-10

本文共 3530 字，大约阅读时间需要 11 分钟。

今天用nmap扫描了局域网的主机,发现几个主机开着好多危险端口,做linux的,对这些安全知识有一点了解.遂用nmap扫描了自己的主机是否存在可利用端口.发现每次nmap都能成功的检测我的主机是alive状态.nmap功能强大,作为一个小小的个人主机,咱是无能为力禁止nmap发现主机了.但是咱可以禁止ping.让手段不高的人发现不了主机.

1.首先,linux没有禁止ping的情况下,能够平通自己的主机:

1 localhost:~$ ping 8.8.8.22 PING 8.8.8.1 (8.8.8.2) 56(84) bytes of data.3 64 bytes from 8.8.8.2: icmp_seq=1 ttl=64 time=0.079 ms4 64 bytes from 8.8.8.2: icmp_seq=2 ttl=64 time=0.080 ms

localhost:~$ sudo tcpdump -i any -nn icmp    用tcpdump 检测的效果tcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes11:27:43.651510 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8389, seq 68, length 6411:27:43.651535 IP 8.8.8.2 > 8.8.8.2: ICMP echo reply, id 8389, seq 68, length 6411:27:44.675532 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8389, seq 69, length 6411:27:44.675557 IP 8.8.8.2 > 8.8.8.2: ICMP echo reply, id 8389, seq 69, length 6411:27:45.703558 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8389, seq 70, length 6411:27:45.703581 IP 8.8.8.2 > 8.8.8.2: ICMP echo reply, id 8389, seq 70, length 6411:27:46.723521 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8389, seq 71, length 6411:27:46.723552 IP 8.8.8.2 > 8.8.8.2: ICMP echo reply, id 8389, seq 71, length 6411:27:47.747520 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8389, seq 72, length 6411:27:47.747551 IP 8.8.8.2 > 8.8.8.2: ICMP echo reply, id 8389, seq 72, length 6411:27:48.771511 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8389, seq 73, length 6411:27:48.771538 IP 8.8.8.2 > 8.8.8.2: ICMP echo reply, id 8389, seq 73, length 64

2.linux系统运行起来后,用参数控制主机是否接收icmp协议(ping通过icmp协议来进行主机发现),这些参数加载到内存中,linux系统的/proc 目录就是内存的镜像,可以从/proc系统通过查找 /proc/sys/net/ipv4/icmp_echo_ignore_all 查看目前的主机是否禁用icmp协议,0表示没有禁用,就是说其他主机ping当前主机的时候,当前主机作出回应.1表示禁用ping,其他主机ping当前主机的时候,当前主机不回应.

1 localhost:~$ cat /proc/sys/net/ipv4/icmp_echo_ignore_all 2 0

3.之后,用root权限修改 /etc/sysctl.conf文件,添加一行

1 localhost:$ sudo vi /etc/sysctl.conf 2 ....... 3 ...... 4 net.ipv4.icmp_echo_ignore_all = 1     #添加该行 5  6  7 :wq   #保存退出 8  9 localhost:~$ sudo sysctl -p          #执行着一条命令,使刚才的修改生效10 net.ipv4.icmp_echo_ignore_all = 1    #sysctl.conf 文件中生效的配置11 12 13 localhost:~$ cat /proc/sys/net/ipv4/icmp_echo_ignore_all     #再次查看该配置,现在已经禁用icmp协议回复ping了14 1

4.在ping自己的主机看看,看到无法回复ping了.

1 localhost:~$ ping 8.8.8.22 PING 8.8.8.2 (8.8.8.2) 56(84) bytes of data.3 ^C4 --- 8.8.8.2 ping statistics ---5 3 packets transmitted, 0 received, 100% packet loss, time 2047ms

1 localhost:~$ sudo tcpdump -i any -nn icmp     #可以看到只有request,没有replay了. 2 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 3 listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes 4 11:31:32.054412 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 1, length 64 5 11:31:33.059607 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 2, length 64 6 11:31:34.083520 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 3, length 64 7 11:31:35.107526 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 4, length 64 8 11:31:36.131524 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 5, length 64 9 11:31:37.155536 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 6, length 6410 11:31:38.179573 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 7, length 6411 11:31:39.203568 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 8, length 6412 11:31:40.227618 IP 8.8.8.2 > 8.8.8.2: ICMP echo request, id 8605, seq 9, length 64

转载于:https://www.cnblogs.com/mingxiazhichan/p/6950678.html

你可能感兴趣的文章