Doesn't actually help at all because the BGP announced prefix of your IP can still be tracerouted. You won't be physically far from it.
Say if your ISP announces 125.15.18.0/17 and you're in 125.15.29.145, a traceroute will still yield a pretty good approximation of where you're at. The last hop ping is really quite immaterial here.
http://shouldiblockicmp.com/
(But the guy running the probes is making a good counter argument)
This breaks PMTU and is the source of many mystery download stalls
This doesn't help. Even if you apply this at your router, you are locatable up to your ISP. Which is generally close enough.
Maybe if you delay pings by some amount (20ms? 100ms?), or randomize the delay, you can do a lot better at masking location.
Indeed. Openwrt for some reason defaults to reply to pings. I see the value of ICMP for servers, but I don't see the value for home ISP routers.
I disabled ICMP reply on my home router.
> Openwrt for some reason defaults to reply to pings.
it's a bit like greeting-back ppl on the street.
not doing it will not make you invisible. it will break somebody's assumption of decency, but most ppl don't care either way.
> I disabled ICMP reply on my home router.
Doesn't actually help at all because the BGP announced prefix of your IP can still be tracerouted. You won't be physically far from it.
Say if your ISP announces 125.15.18.0/17 and you're in 125.15.29.145, a traceroute will still yield a pretty good approximation of where you're at. The last hop ping is really quite immaterial here.
This isn't helpful. The comment was specifically asking about the probes, not ICMP traffic.
Anybody can do this same thing, if you're worried about this, you probably don't want inbound ICMP.
Cool. Thanks. But let's say I do.
4 replies →