Hide your machine

Summary: Attackers usually perform some sort of investigation before attempting anything: first they map the network to see which machines (IP addresses) are in use, and afterwards they study those targets for possible holes and security risks.
So the very first step to avoid being attacked is to avoid being discovered. In this mini-tutorial for GNU/Linux users, we'll show you a simple technique to hide your boxes from casual target scanners.
ICMP is the protocol ping uses. Basically, ping sends an ECHO REQUEST message to the machine you want to check. Under normal conditions that machine replies with an ECHO REPLY message, so you know the target is up. If the machine is down, you will usually receive an ICMP error message (host unreachable, in ICMP jargon) from the last machine in the path between the sender and the target, typically a router, saying the target cannot be reached.
The trick then consists in changing the default behaviour of your machine so that it stops replying to ECHO REQUEST messages, hiding itself from that sort of scan.
To accomplish this, simply go (as root) to the /proc/sys/net/ipv4 directory and then run:

    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

Now try to ping your machine from a different box (or from the box itself) and see, well, that you don't see your box!
Note: since you are only blocking ICMP echo messages, TCP/UDP scans still work, so don't think you are totally invisible...
A last warning: this needs to be done every time you reboot your machine; to avoid the pain, just add those two lines to a startup script, for example at the end of /etc/rc3.d/S99local.
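An added helper script (not part of the original zZine article) that applies the same two /proc settings, reports their current state, and persists them in an /etc/sysctl.d fragment, the modern counterpart of the /etc/rc3.d/S99local lines; the fragment name 60-icmp-echo.conf is an arbitrary choice, and the PROC_IPV4 and SYSCTL_FRAG paths are overridable so the functions can be exercised against a scratch directory without root.

```shell
#!/bin/sh
# Added example, not from the original article. Defaults are the real kernel
# and sysctl paths; override PROC_IPV4 / SYSCTL_FRAG to test without root.
PROC_IPV4="${PROC_IPV4:-/proc/sys/net/ipv4}"
SYSCTL_FRAG="${SYSCTL_FRAG:-/etc/sysctl.d/60-icmp-echo.conf}"

# Print "ignored" or "answered" for one knob (icmp_echo_ignore_all or
# icmp_echo_ignore_broadcasts) by reading the kernel's current value.
# Returns 2 and prints "unknown" if the knob is missing or unreadable.
icmp_echo_state() {
    knob="$1"
    val=$(cat "$PROC_IPV4/$knob" 2>/dev/null) || { echo "unknown"; return 2; }
    case "$val" in
        1) echo "ignored" ;;
        0) echo "answered" ;;
        *) echo "unknown"; return 2 ;;
    esac
}

# Apply the article's two settings immediately through /proc, then report
# both knobs so the operator sees the resulting state.
apply_icmp_echo_ignore() {
    for knob in icmp_echo_ignore_all icmp_echo_ignore_broadcasts; do
        echo 1 > "$PROC_IPV4/$knob" || return 1
    done
    for knob in icmp_echo_ignore_all icmp_echo_ignore_broadcasts; do
        printf '%s: %s\n' "$knob" "$(icmp_echo_state "$knob")"
    done
}

# Write the settings to a sysctl.d fragment so they survive a reboot.
# Idempotent: re-running simply rewrites the same fragment.
persist_icmp_echo_ignore() {
    dir=$(dirname "$SYSCTL_FRAG")
    [ -d "$dir" ] || mkdir -p "$dir" || return 1
    cat > "$SYSCTL_FRAG" <<'EOF'
# Stop answering ICMP echo requests (unicast and broadcast).
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
EOF
}
```

On current kernels icmp_echo_ignore_broadcasts already defaults to 1, and, as the note above says, TCP/UDP port scans still reach the box, so treat this as reducing ping noise rather than as concealment.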
This article was imported from zZine. (original author: alfer)