Creation of security setup so that one can ping only to permissive IP address.

Yashraj Oswal
3 min readJan 5, 2021

--

Hello enthusiasts, I hope you are doing well. Today we are going to learn how we can create a setup where even if the google and Facebook like servers whom we can ping 24/7, we can restrict to ping their IP by doing small changes in our system.

Now, the question arises why is the need to setup such configuration, the ICMP Echo protocol usually known as “Ping” is mostly harmless. Its main security-related issues are: In the presence of requests with a fake source address i.e “spoofing”, they can make a target machine send relatively large packets to another host. So we should always be aware to whom we are pinging and who else from outside world can ping us. Usually you can stop

Pre-requites: In this setup I have used RHEL-8 Virtual-Box operating system.

Let’s start with the setup..!

First lets check whether we can ping Google and Facebook.

Now, let us understand how ping command works. Ping command is used to check the reachability of a network. For this it sends packets to destination host and in response when the destination sends packets, we can term that the current destination network is alive and is reachable.

Now, how this pinging to any network works, We have a route table which comprises of certain sets of route rule through which system is able to ping the permissive network range IP.

Command: route -n

In the above image, Destination 0.0.0.0 allows to ping any IP and also allows any random traffic to ping our N/W IP.

So, let us delete the highlighted route rule and check what happens…

Command: route del -net 0.0.0.0

Now, that we have deleted the rule, lets check whether google and facebook are still pingable or not..

Let us create our setup so that only Google can be pingable and not Facebook…

Requirements:

  1. Google IP address: 142.250.67.196 , you can get this when you run command: ping www.google.com or nslookup www.google.com
  2. Your Gateway IP
  3. N/w interface card name
  4. Netmask

Now, to add the new route rule which will have google IP as destination IP.

Command: route add -net 142.250.67.0 netmask 255.255.255.0 gw 192.168.1.1 enp0s3

Now in the command 142.250.67.196 is taken as -net 142.250.67.0/range through this we have set a specific range for IP address.

So, New route rule is been added, let us now ping again and see what output we get…!

So here we finally completed the setup, hope you found my blog helpful.

Thank-you! Keep Learning, Keep Sharing Knowledge..!

--

--

No responses yet