HPE Community
Operating System - HP-UX
1829020 Members
2185 Online
109986 Solutions
New Discussion

Disable ping request

 
Manoj Misra
Advisor

‎05-19-2002 10:05 PM

‎05-19-2002 10:05 PM

Disable ping request

Hi All,

I want to disable ping on HP 11 box. I need your expert help.

Thanks
Manoj
0 Kudos
Reply
7 REPLIES 7
Michael Tully
Honored Contributor

‎05-19-2002 10:22 PM

‎05-19-2002 10:22 PM

Re: Disable ping request

Hi,

Seeing that 'ping' in in fact a binary, the easiest way would be to either move it somewhere out of the default path (recommended) or remove it completely including the man page. You could remove it also using 'swremove' and look for it in the core OS fileset.

# whereis ping
ping: /usr/sbin/ping /usr/share/man/man1m.Z/ping.1m

HTH
~Michael~
Anyone for a Mutiny ?
0 Kudos
Reply
Manoj Misra
Advisor

‎05-19-2002 10:29 PM

‎05-19-2002 10:29 PM

Re: Disable ping request

Hi Michael,

I want to disable ping request response from my system. System should not reply any ping request comming from network.

Thanks
Manoj
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎05-19-2002 10:50 PM

‎05-19-2002 10:50 PM

Re: Disable ping request

Hi,

On HP-UX 11.X, you cannot disable ICMP echo response. On HP-UX 11i, you can rely on IPFilter/9000 (you need to purchase) to filter off different types of ICMP packets including ICMP echo requests. Alternatively, for both HP-UX 11.X and 11i, you can rely on third-party host-based firewall software such as netfilter's iptables to perform similar form of filtering.

On both HP-UX 11.X and 11i by default (without need for additional software), you can disable ICMP response to address mask request and ICMP response to timestamp request (which are bigger security issues than ICMP echo request). To disable ICMP response to address mask request and timestamp request, do this:

# ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0
# ndd - set /dev/ip ip_respond_to_echo_broadcast 0
# ndd -set /dev/ip ip_respond_to_timestamp 0
# ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
Michael Tully
Honored Contributor

‎05-19-2002 10:59 PM

‎05-19-2002 10:59 PM

Re: Disable ping request

I wasn't going to suggest 'ndd' seeing there is a current security bulletin about it.

I'm not sure why you would want to do this anyway unless you having firewall issues.
Anyone for a Mutiny ?
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎05-19-2002 11:01 PM

‎05-19-2002 11:01 PM

Re: Disable ping request

Manoj,
I think you cannot disable ping on a hpux machine.
YOu have to do that in your firewall.

Thanks
0 Kudos
Reply
Manoj Misra
Advisor

‎05-19-2002 11:34 PM

‎05-19-2002 11:34 PM

Re: Disable ping request

Hi All,

Is there any possibility in 10.20..?

Regards
Manoj
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

‎05-20-2002 12:23 AM

‎05-20-2002 12:23 AM

Re: Disable ping request


The ndd command on HP-UX 11 = the nettune command on 10.20
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.