
Thread: ICMP or no ICMP

  1. #1

    Question ICMP or no ICMP

    A friend of mine suggested that I disable ICMP via IPChains.

    Is there any reason why I should not keep it enabled? (Note: I'm the only one with administrative access to my server.)

  2. #2
    It is good to disable it, if you don't really need to ping your server...

    ICMP is a protocol used for sending ping requests... it can never be a bad thing to disable it, or allow a max of 3 requests / minute or sth...
    Leon Mergen

  3. #3
    Join Date
    Apr 2001
    St. Louis, MO
    Apparently, you should not block all ICMP. Here is the whole debate that took place a while back:
    Mike @ 1-877-4-XIOLINK
    Advanced Managed Microsoft Hosting
    "Your data... always within reach"

  4. #4
    That debate kind of went over my head there. I'm still a novice at this server admin stuff.

    I talked to another friend and he said I should drop ICMP also since it causes too many problems.

    I have the IPChains firewall and I was wondering if I shut it off completely or only make it accessible to trusted people or something.

  5. #5
    ICMP is used for other things than ping replies; there are a number of different types of ICMP packets. Many of these packet types can be used for scanning and/or DoS purposes, which is why people block them. While you can safely block most ICMP packet types it's generally considered a bad idea to disable all ICMP traffic because some of these packet types are important for proper and efficient network operation. Other types of packets are not important but very useful for troubleshooting and can be allowed selectively or rate-limited.

    Opinions about exactly what types of packets to allow and what types to block differ, but blocking them all is not a good solution. It may eliminate any security risk associated with this protocol - but the same thing could be said about blocking all TCP traffic, and you wouldn't want to do that...

  6. #6
    Join Date
    Apr 2002
    Seattle, WA
    My whole take on the ICMP thing is to block/not respond to oversized packets. A normal size ping can be harmless unless you are sending it at an alarming rate. Even so, at 56 bytes.. you need to be sending a lot of packets to equal any sort of harmful bandwidth. Blocking all types of ICMP can stop traceroutes as well... just a thought... Just my 2 cents.
    I <3 Linux Clusters

  7. #7
    Join Date
    Jan 2002
    Atlanta, GA

    Ok... Let's try to clarify this.... ICMP good or bad....

    Well... It really depends on a lot of things...

    Blocking ICMP will inadvertently diminish the effectiveness of other protocols that rely on it to relay information that isn't permitted in its native protocol...

    So... If this server isn't designed to be a high performance machine (i.e. in internet i/o)... You should be fine....

    The better thing would be to find some software that would filter it on the receiving end. Filter out malformed/oversized ICMP packets. Filter packets that arrive from the same source too many times over a period of time etc....

    Essentially a firewall

    My $.02..... Someone flame me and tell me I'm wrong....

  8. #8
    I don't see a point in blocking ICMP for one reason.. most ppl block it cuz they think it will prevent them from being DOSed.. which it will and it won't.. sure the packets won't get responded to meaning the impact won't be as bad, however bandwidth is still being used because the traffic is passing the router and hitting your box. Blocking IPs at the router level is a better idea if this is what you want to prevent.

  9. #9
    OK, then - are there any rules I can drop into IPChains (which is my firewall software) then to prevent things like PING floods or any other form of ICMP abuse?
    Last edited by Kawshen; 06-13-2002 at 09:02 AM.

  10. #10
    I would suggest you to only allow 3 ping requests / minute from each ip... I currently have that setup, and it works very well for me.
    Leon Mergen

  11. #11


    I would suggest you to only allow 3 ping requests / minute from each ip...

    OK - so how would I go about doing that? I'm pretty sure that isn't an IPChains thing....

  12. #12
    Join Date
    Oct 2001
    Personally, I do not block ICMP on my servers. I see more harm than good by blocking it.

  13. #13
    Join Date
    Aug 2002


    I'm interested in this as well.. can someone list the commands to run in order to set that in motion?

    Originally posted by Kawshen
    I would suggest you to only allow 3 ping requests / minute from each ip...

    OK - so how would I go about doing that? I'm pretty sure that isn't an IPChains thing....

  14. #14
    Join Date
    Jun 2002
    New York City
    Rate limit it and only allow certain types of ICMP. I know you can specify ICMP types in ipfw on FreeBSD but if you're using Red Hat you have bigger problems than ICMP attacks.

    You can find a list of icmp types @
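
Added example, not part of the thread or any poster's own rules: one way to express what the replies describe (allow the ICMP error types other protocols depend on, drop oversized pings, rate-limit echo requests per source IP). It assumes iptables with the `length` and `hashlimit` match modules rather than the IPChains firewall the original poster runs; the chain name `ICMP_IN`, the 84-byte cap and the burst of 3 are constructed values.

```shell
#!/bin/sh
# Selective ICMP policy, printed as iptables commands (dry run by default).
# Review the output, then pipe it to `sh` as root to apply it.

PING_RATE="3/minute"   # per-source echo-request budget suggested in the thread
PING_BURST=3           # constructed value: packets allowed before the limit bites
MAX_LEN=84             # 20 IP + 8 ICMP + 56 data bytes of a default-size ping

# Error types that TCP/UDP rely on (path MTU discovery, traceroute, bad headers).
ALLOW_TYPES="destination-unreachable time-exceeded parameter-problem"

icmp_rules() {
    # Dedicated chain so the ICMP policy can be flushed or audited on its own.
    echo "iptables -N ICMP_IN"

    for t in $ALLOW_TYPES; do
        echo "iptables -A ICMP_IN -p icmp --icmp-type $t -j ACCEPT"
    done

    # Replies to pings this host sent itself.
    echo "iptables -A ICMP_IN -p icmp --icmp-type echo-reply -j ACCEPT"

    # Oversized echo requests are dropped before they can use up rate budget.
    echo "iptables -A ICMP_IN -p icmp --icmp-type echo-request -m length --length $((MAX_LEN + 1)):65535 -j DROP"

    # Normal-size echo requests: limited per source IP, not globally.
    echo "iptables -A ICMP_IN -p icmp --icmp-type echo-request -m hashlimit --hashlimit-name ping --hashlimit-mode srcip --hashlimit-upto $PING_RATE --hashlimit-burst $PING_BURST -j ACCEPT"

    # Everything else: redirects, timestamp and address-mask queries, excess pings.
    echo "iptables -A ICMP_IN -p icmp -j DROP"

    # Send all inbound ICMP through the chain.
    echo "iptables -A INPUT -p icmp -j ICMP_IN"
}

icmp_rules
```

Dropped packets still consume inbound bandwidth on the link, as post #8 points out, so these rules limit what the host answers, not what reaches it.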
