Make Linux ignore pings without touching the firewall

If you’re running iptables, you could drop ICMP echo traffic with rules like these:

# drop echo requests arriving at this host, and any echo reply it would send back
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

Perhaps you don’t have iptables running, or you don’t want to handle ICMP in your firewall rules at all. Echo this as root and it takes effect immediately:

# immediate, but not persistent across reboots; to persist, set net.ipv4.icmp_echo_ignore_all = 1 in /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all


If you’re wondering whether changes like this, TCP timeouts, or which ports are open will fool nmap’s OS fingerprinting, the answer is no.

Passive fingerprinting, retransmission times, and port patterns are among the things fingerprint scans specifically avoid relying on. But for what it’s worth, here’s the list of criteria nmap does use to identify a host:

TCP ISN greatest common divisor (GCD)
TCP ISN counter rate (ISR)
TCP ISN sequence predictability index (SP)
IP ID sequence generation algorithm (TI, CI, II)
Shared IP ID sequence Boolean (SS)
TCP timestamp option algorithm (TS)
TCP options (O, O1–O6)
TCP initial window size (W, W1–W6)
Responsiveness (R)
IP don’t fragment bit (DF)
Don’t fragment (ICMP) (DFI)
IP initial time-to-live (T)
IP initial time-to-live guess (TG)
Explicit congestion notification (CC)
TCP miscellaneous quirks (Q)
TCP sequence number (S)
TCP acknowledgment number (A)
TCP flags (F)
TCP RST data checksum (RD)
IP total length (IPL)
Unused port unreachable field nonzero (UN)
Returned probe IP total length value (RIPL)
Returned probe IP ID value (RID)
Integrity of returned probe IP checksum value (RIPCK)
Integrity of returned probe UDP checksum (RUCK)
Integrity of returned UDP data (RUD)
ICMP response code (CD)
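To make the point above concrete, here is an added example (not code from the original post): a small Python parser for nmap’s OS-fingerprint test lines (the `SEQ(...)`, `T1(...)`, `IE(...)` records that carry the criteria listed above), run over two constructed fingerprints of the same host, one before and one after echo requests are ignored. The fingerprint values are illustrative, not a real nmap-os-db entry; the diff shows that only the ICMP echo test (IE) changes, while every other test still identifies the host.

```python
import re
from typing import Dict, List

# Constructed sample in the nmap-os-db line format: test name, then
# %-separated attr=value pairs in parentheses. Values are illustrative only.
FP_BASELINE = """\
SEQ(SP=C8-D2%GCD=1-6%ISR=C8-D2%TI=Z%CI=Z%II=I%TS=8)
OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11)
WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)
ECN(R=Y%DF=Y%T=40%W=7210%O=M5B4NNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=40%CD=S)
"""

# Same host after `echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all` (constructed):
# the ICMP echo probe gets no answer (R=N); nothing else about the stack changed.
FP_PING_IGNORED = FP_BASELINE.replace("IE(R=Y%DFI=N%T=40%CD=S)", "IE(R=N)")

_TEST_LINE = re.compile(r"^(?P<test>[A-Z0-9]+)\((?P<body>.*)\)$")


def parse_fingerprint(text: str) -> Dict[str, Dict[str, str]]:
    """Parse fingerprint test lines into {test: {attr: value}}.

    Header lines found in nmap-os-db (Fingerprint/Class/CPE/comments) are skipped.
    """
    tests: Dict[str, Dict[str, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Fingerprint ", "Class ", "CPE ", "#")):
            continue
        m = _TEST_LINE.match(line)
        if not m:
            raise ValueError(f"not a fingerprint test line: {line!r}")
        attrs: Dict[str, str] = {}
        for pair in m.group("body").split("%"):
            if pair:  # "Q=" is a legitimate empty value; an empty pair is not
                key, _, val = pair.partition("=")
                attrs[key] = val
        tests[m.group("test")] = attrs
    return tests


def diff_fingerprints(a: Dict[str, Dict[str, str]],
                      b: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Return {test: [attrs that differ]} for every test whose values changed."""
    changed: Dict[str, List[str]] = {}
    for test in sorted(set(a) | set(b)):
        x, y = a.get(test, {}), b.get(test, {})
        diff = sorted(k for k in set(x) | set(y) if x.get(k) != y.get(k))
        if diff:
            changed[test] = diff
    return changed
```

Calling `diff_fingerprints(parse_fingerprint(FP_BASELINE), parse_fingerprint(FP_PING_IGNORED))` reports a change in IE only; the SEQ, OPS, WIN, ECN, T1 and U1 tests are untouched, which is why the sysctl does nothing to hide the OS.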

Posted by admica   @   1 February 2011
