
    iptables -A INPUT -p icmp -j DROP



http://shouldiblockicmp.com/

(But the guy running the probes is making a good counter argument)


This breaks PMTU and is the source of many mystery download stalls
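
The stall described in the comment above happens when a blanket ICMP drop also discards "fragmentation needed" (type 3 code 4), the message path MTU discovery depends on. As an added example (not posted by anyone in the thread), this shell function audits rules in `iptables -S` format for that mistake; the function names, the sample rule sets and the matching simplifications are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output (stdin) for rules that stop ICMP
# "fragmentation needed" (type 3 code 4), which path MTU discovery relies on.
# Assumptions: INPUT chain only, first match wins, source/interface matches
# are ignored, and a conntrack RELATED accept is taken to admit ICMP errors.
check_pmtu() {
    awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        line    = " " $0 " "
        is_icmp = (line ~ / -p icmp /)
        typed   = (line ~ / --icmp-type /)
        frag    = (line ~ / --icmp-type (fragmentation-needed|destination-unreachable|3|3\/4) /)
        # An untyped ICMP rule, or one naming type 3, covers fragmentation-needed.
        covers  = is_icmp && (frag || !typed)
        related = (line ~ /RELATED/ && (is_icmp || line !~ / -p /))
        if (line ~ / -j ACCEPT / && (covers || related)) {
            print "ok: " $0; found = 1; exit 0
        }
        if (line ~ / -j (DROP|REJECT) / && covers) {
            print "breaks-pmtu: " $0; found = 1; exit 1
        }
    }
    END {
        if (!found) {
            if (policy == "DROP") { print "breaks-pmtu: -P INPUT DROP"; exit 1 }
            print "ok: no INPUT rule matches fragmentation-needed"
        }
    }'
}

# Constructed sample 1: the single rule quoted at the top of the thread.
thread_rule() {
    printf '%s\n' '-P INPUT ACCEPT' '-A INPUT -p icmp -j DROP'
}

# Constructed sample 2: drop echo-request (type 8) only, keep type 3 code 4.
narrow_rules() {
    printf '%s\n' \
        '-P INPUT ACCEPT' \
        '-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP' \
        '-A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT'
}

thread_rule | check_pmtu || true
narrow_rules | check_pmtu
```

On a live host the input would come from `iptables -S INPUT`; the function exits non-zero when the first matching rule discards fragmentation-needed.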


This doesn't help. Even if you apply this at your router, you are locatable up to your ISP. Which is generally close enough.

Maybe if you delay pings by some amount (20ms? 100ms?), or randomize the delay, you can do a lot better at masking location.


Indeed. OpenWrt for some reason defaults to replying to pings. I see the value of ICMP for servers, but I don't see the value for home ISP routers.

I disabled ICMP reply on my home router.


> OpenWrt for some reason defaults to replying to pings.

it's a bit like greeting-back ppl on the street.

not doing it will not make you invisible. it will break somebody's assumption of decency, but most ppl don't care either way.


> I disabled ICMP reply on my home router.

Doesn't actually help at all because the BGP announced prefix of your IP can still be tracerouted. You won't be physically far from it.

Say if your ISP announces 125.15.18.0/17 and you're in 125.15.29.145, a traceroute will still yield a pretty good approximation of where you're at. The last hop ping is really quite immaterial here.


This isn't helpful. The comment was specifically asking about the probes, not ICMP traffic.


Anybody can do this same thing. If you're worried about this, you probably don't want inbound ICMP.


Cool. Thanks. But let's say I do.


Then there's nothing you can do. If you respond to pings, then others can take note of the responses you send.


You're missing the point that the question is effectively asking for a list of hosts that they can block.

Edit: they provided a method: https://news.ycombinator.com/item?id=37510063


I understand that was the initial question. I am saying that is a fool's errand. Anyone with a few VPSes, a calculator, and a map can do this. It isn't just ipinfo.io doing this. There are a lot of IP geolocation services.


And if you don't respond to pings, a traceroute can still be used to find the hop before yours, which will almost certainly achieve the same result for geolocation purposes.



