Find the answer to your Linux question:
Results 1 to 5 of 5
I am looking for a way to determine if My machine is being pinged and if there is a way to get an alert if I am. Any help would ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Oct 2012
    Posts
    2

    Am I being pinged?


    I am looking for a way to determine if My machine is being pinged and if there is a way to get an alert if I am. Any help would be appreciated. THX.

  2. #2
    Administrator MikeTbob's Avatar
    Join Date
    Apr 2006
    Location
    Texas
    Posts
    7,864
    Hello and Welcome.
    I'm not too sure about being alerted when it takes place but you can disable ping echoes.
    Linux Howtos: Security -> Disable ping response
    I do not respond to private messages asking for Linux help, Please keep it on the forums only.
    All new users please read this.** Forum FAQS. ** Adopt an unanswered post.

    I'd rather be lost at the lake than found at home.

  3. #3
    Just Joined!
    Join Date
    Oct 2012
    Posts
    2
    I had heard about killing the responses. But it would be good to know if someone was knocking on the door.

  4. #4
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,317
    Quote Originally Posted by badwabbit924 View Post
    I had heard about killing the responses. But it would be good to know if someone was knocking on the door.
    If you want to know about the pings, then you can use IPTABLES (a firewall for Linux that is implemented in the kernel and controlled via user-space tools). There is a LOG feature in IPTABLES that would allow you to DROP/REJECT the ICMP (ping) packets and additionally keep a log of it.

    If you are at all concerned about the security of your system, you should be running a firewall on your box. And root should not be allowed to log in remotely.

    You should also check out DenyHosts - a great Linux security tool:

    What is DenyHosts?

    DenyHosts is a Python script that analyzes the sshd server log messages to determine what hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host.

    Additionally, upon discovering a repeated attack host, the /etc/hosts.deny file is updated to prevent future break-in attempts from that host.

    An email report can be sent to a system admin.

  5. #5
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    Doing a ping on someones computer is not a crime and it does not hurt if someone responds on that. There are various other means to know if a host is alive or not once you know the ip address. Thus, disabling ICMP responses does not tighten the security of your system at all.

    Maybe you should also take a look at fail2ban. That should make most attacks that try to gain access on your system by probing different passwords totally unfeasible, especially if you got strong passwords and use certificates to authenticate.

    Of course that helps only if you keep the system up-to-date and make sure that is not vulnerable to attacks that bypass authentication.

    JMTC

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •