Win2000 system prohibits Ping



How to turn off ICMP (Ping) in Win2000

The full name of ICMP is Internet Control Message Protocol, that is, the protocol for Internet control and error messages. It is mainly used to transmit error messages and control information. The well-known Ping and Tracert tools both use the ECHO request message of the ICMP protocol (the request message is ICMP ECHO, type 8 code 0; the response message is ICMP ECHOREPLY, type 0 code 0).

The ICMP protocol has one notable characteristic: it is connectionless. Once the sender has encapsulated an ICMP message and handed it to a router, the message finds its own way to the destination address, like a parcel in the post. This makes ICMP very flexible and fast, but it also brings a fatal flaw: it is easy to forge (the sender address on a parcel can be written however you like). Anyone can forge an ICMP message and send it out; using SOCK_RAW programming, the forger can directly rewrite the ICMP header and IP header of the message. The source address carried in such a message is forged and cannot be traced at the destination. (If attackers need not fear being caught, why would they hold back?) On this principle a lot of ICMP-based attack software has appeared. Some tools cause ICMP storms through network architecture defects, some use very large packets to clog the network, some use ICMP fragment attacks to consume server CPU, and ICMP can even be used as a communication channel to build Trojan horses that do not require any TCP/UDP ports (see 'Uncovering the Mystery of Trojan Horses III')... Since the ICMP protocol is so dangerous, why don't we turn it off?
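A defender-side view of the messages described above, as an added example that is not part of the original article: it parses an ICMP message, verifies its checksum, labels echo request (type 8, code 0) and echo reply (type 0, code 0), and flags unusually large echo payloads. The function names, the sample messages and the 64-byte payload threshold are assumptions made for illustration.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP types from the text above (both use code 0)
MAX_PAYLOAD = 64  # assumed threshold: default ping payloads are 32 or 56 bytes

def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify_icmp(msg: bytes) -> dict:
    """Classify one ICMP message (IP header already removed) and flag anomalies."""
    if len(msg) < 8:
        return {"kind": "truncated", "flags": ["short-header"]}
    icmp_type, code, _cksum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    flags = []
    if inet_checksum(msg) != 0:  # a valid message sums to zero, checksum included
        flags.append("bad-checksum")
    if (icmp_type, code) == (ECHO_REQUEST, 0):
        kind = "echo-request"
    elif (icmp_type, code) == (ECHO_REPLY, 0):
        kind = "echo-reply"
    else:
        kind = f"other(type={icmp_type},code={code})"
    payload_len = len(msg) - 8
    if kind.startswith("echo") and payload_len > MAX_PAYLOAD:
        flags.append("oversized-payload")
    return {"kind": kind, "id": ident, "seq": seq,
            "payload_len": payload_len, "flags": flags}

def build_sample(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed sample message with a valid checksum, for testing only."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    cksum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, cksum, ident, seq) + payload

if __name__ == "__main__":
    # Constructed samples: a default-sized Windows ping, an oversized echo, a reply.
    for sample in (build_sample(ECHO_REQUEST, 1, 1, b"abcdefghijklmnopqrstuvwabcdefghi"),
                   build_sample(ECHO_REQUEST, 1, 2, b"A" * 1400),
                   build_sample(ECHO_REPLY, 1, 1, b"abcdefghijklmnopqrstuvwabcdefghi")):
        print(classify_icmp(sample))
```

The classifier deliberately ignores the source address, since, as described above, it can be forged.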


We all know that Win2000 comes with a TCP/IP filter in the network properties. Let's see whether we can turn off the ICMP protocol with it. On the desktop, right-click Network Neighborhood -> Properties -> right-click the network card you want to configure -> Properties -> TCP/IP -> Advanced -> Options -> TCP/IP filtering. There are three filters here: TCP ports, UDP ports and IP protocols. We first enable TCP/IP filtering and then configure them one by one.

First the TCP ports: click 'Only allow' and then add the ports you need to open below. Generally a WEB server only needs to open 80, an FTP server needs to open 20 (FTP Data) and 21 (FTP Control), a mail server may need to open 25 (SMTP) and 110 (POP3), and so on. Next comes UDP. Like ICMP, the UDP protocol is connectionless and easy to forge, so unless it is necessary (for example, to provide DNS service over UDP) you should choose to allow none of it, to avoid flooding or fragment attacks. The edit box on the far right defines IP protocol filtering. We choose to allow only the TCP protocol to pass and add a 6 (6 is the number of TCP in the IP protocol field, IPPROTO_TCP=6).

In principle, with only TCP allowed, neither UDP nor ICMP should get through. Unfortunately, the IP protocol filtering here refers to the IP protocol in the narrow sense. Although both ICMP and IGMP are subsidiary protocols of IP, in terms of the seven-layer network structure they belong to the same layer as the IP protocol, so Microsoft's IP protocol filtering here does not include the ICMP protocol. That is to say, even if you set 'Only allow TCP protocol to pass', ICMP messages still pass normally, so if we want to filter the ICMP protocol we need to find another way.

When we were setting up TCP/IP filtering just now, there was another option: IP Security. Our idea of filtering ICMP rests on it.

Open the local security policy and select the IP security policy; here we can define our own IP security policy.

An IP security filter consists of two parts: a filter policy and a filter operation. The filter policy determines which packets the filter pays attention to, and the filter operation determines whether the filter 'allows' or “rejects” the passage of the message. To create a new IP security filter you must create your own filter policy and filter operation: right-click the IP security policy of the machine, select Manage IP Filter, and create a new filter rule in the IP filter management list named ICMP_ANY_IN: for the source address choose any IP, choose this machine as the target address, and set the protocol type to ICMP. Switch to managing filter operations and add an operation named Deny whose operation type is 'Block'. In this way we have a filter policy that matches all incoming ICMP messages and a filter operation that discards all messages. Note that there is a mirror selection in the address options. If mirroring is selected, a symmetric filter policy will be established, which means that when you follow any IP->my IP

Anyone familiar with networks knows Ping. Ping is the main TCP/IP command used to detect network connectivity, reachability and name resolution problems. Its main use is to detect whether the target host can be reached.

To break in, an attacker must first fix on a target, usually by using the Ping command to probe the host and obtain relevant information, and then performing a vulnerability scan. How do you avoid being attacked by others? Prevent others from pinging your computer, so that the attack cannot be started. The author introduces four common methods to prevent Ping for your reference:

1. Use advanced settings to prevent Ping

By default all Internet Control Message Protocol (ICMP) options are disabled. If you enable the ICMP options, your network will be visible on the Internet and therefore vulnerable to attacks.

If you want to enable ICMP, you must log in to the computer as an administrator or a member of the Administrators group. Right-click “Network Neighborhood” and select “Properties” in the pop-up shortcut menu to open “Network connection”. Select the connection that has Internet Connection Firewall enabled, open its properties window and switch to the “Advanced” option page. Click “Settings” below to open the “Advanced settings” dialog window. On the “ICMP” tab, check the types of request information that you want your computer to respond to; checking a box enables that type of request. If you want to disable a type, clear the corresponding check box.

2. Use a network firewall to block Ping

Using a firewall to block Ping is the simplest and most effective method. Basically all firewalls now have the ICMP filtering function enabled by default. The description here is based on Kingsoft Internet Security 2003 and Skynet Firewall Version 2.50.

Users of Kingsoft Internet Dart 2003 should right-click the Kingsoft Internet Dart 2003 icon in the system tray and select 'Utilities' in the shortcut menu that pops up. Define the IP rule editor' in the window that appears
