Solved

ICMP port

Posted on 2001-06-12
Last Modified: 2013-12-28
How can I disable the ICMP port in Windows NT4 server, so no one can ping the server?
thanx
Question by:gikam
12 Comments
 
LVL 12

Expert Comment

by:Nenadic
You cannot do it on Windows NT itself. You have to use some form of firewall. If you cannot go for commercial (Proxy, Checkpoint), you can use Norton Personal Firewall, Zone Alarm or similar.

Finally, you don't want to disable ICMP, as it is needed by your computer for other TCP/IP communication. What you want to do is to prevent it from sending responses on ICMP (Stealth mode).
0
 
LVL 4

Expert Comment

by:arminl
Open control-panel, protocols, TCP/IP, options and activate IP security. Click "configure" and then configure the protocols you want to permit in the rightmost list (IP protocols). At least I guess that you can do it there. Need to specify the protocols by their number. Guess that's somewhere in RFC 790-792. Never tried it myself. Love to PING.

...Armin
0
 
LVL 12

Expert Comment

by:Nenadic
ICMP is Protocol 1.

But, again, that will prevent seeing any TCP/IP error messages.
0
 
LVL 4

Expert Comment

by:arminl
The list is a "positive" list, so he will need to specify all protocols except 1.

...Armin
0
 
LVL 12

Expert Comment

by:Nenadic
Don't get me wrong - it will work, I agree. Just that ICMP is used for more than just PINGing and I believe disabling it is not the best solution. But, since the requester asked for that - it is correct! :-)
0
 
LVL 2

Author Comment

by:gikam
nenadic
As I know there is a port for PING and only for PING.
I want the server to be invisible to ping, so I guess there must be a port or service that must be disabled.
There is no subject of firewall or proxy since this is stand alone server (not routing traffic between networks)
arminl
I don't want to set protocols that I permit, but disable the ones that I don't permit. And what about for the PING?
still waiting....
10x
gika
0
 
LVL 12

Expert Comment

by:Nenadic
PING relies on ICMP. Doesn't have its own port number.

The option armin is suggesting cannot be set to allow all protocols, except ones you specify.

I didn't think a full-blown firewall would be the best, but suggested Personal Firewall or Zone Alarm. Both are around $30 and are specifically designed for home (small office) computers.
0
 
LVL 4

Expert Comment

by:arminl
PING does not use a port number, but is an integral part of the IP protocol driver.

So your only choice is to set the filter list to allow all IP protocols except ICMP. Don't mistake them for the ports you know, the IP protocol header has a "protocol" field, and that's the field we are trying to filter on. So I guess that there are not more than probably a handful of numbers you need to enter, allowing TCP and UDP at least.

Nenadic is right, keep in mind that ICMP does more than just supporting PING. What you would lose, just to mention the two most important ones, are:

ICMP redirect: a Router redirects the client to a different (better) Router. Some Routers use this to redirect clients if they sense a failure on the WAN side.

ICMP source quench: a device on the net, most likely a WAN router, tells your client to slow down a bit sending packets, since he cannot deliver them fast enough. If the client continues sending full speed, the router will start dropping packets.

ICMP is also described in one of the RFCs I mentioned. You can also check MS KB for keyword ICMP to see which ICMP options MS has implemented at all.

Armin

0
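The distinction discussed in the comments above, as an added example that is not part of the original thread and is not NT 4.0's filter code: ping is selected by the IPv4 header's protocol field (1) plus the ICMP type byte, not by a port. The sketch compares a positive list on the protocol field alone with a rule that drops only echo requests; the function names, the 192.0.2.x addresses and the sample packets are constructed for illustration.

```python
import struct

ICMP, TCP, UDP = 1, 6, 17   # values of the IPv4 header "protocol" field
SOURCE_QUENCH, REDIRECT, ECHO_REQUEST = 4, 5, 8   # ICMP message types (RFC 792)

def build_packet(proto, payload):
    """Constructed IPv4 packet for the demo; the checksum is left at 0."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return header + payload

def parse(packet):
    """Return (protocol, icmp_type or None); raise ValueError if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4      # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    proto = packet[9]                 # the field the "IP protocols" list refers to
    if proto != ICMP:
        return proto, None
    if len(packet) == ihl:
        raise ValueError("truncated ICMP message")
    return proto, packet[ihl]         # first ICMP byte is the message type

def protocol_allow_list(packet, allowed=(TCP, UDP)):
    """Positive list on the protocol field only: every ICMP message is dropped."""
    proto, _ = parse(packet)
    return proto in allowed

def drop_echo_only(packet):
    """Type-aware rule: drop ICMP echo requests, pass everything else."""
    proto, icmp_type = parse(packet)
    return not (proto == ICMP and icmp_type == ECHO_REQUEST)

def verdicts():
    """Map sample name -> (passes protocol list, passes echo-only rule)."""
    samples = {
        "ping": build_packet(ICMP, bytes([ECHO_REQUEST, 0, 0, 0, 0, 1, 0, 1])),
        "redirect": build_packet(ICMP, bytes([REDIRECT, 1, 0, 0]) + bytes(4)),
        "source_quench": build_packet(ICMP, bytes([SOURCE_QUENCH, 0, 0, 0]) + bytes(4)),
        "tcp_139": build_packet(TCP, struct.pack("!HH", 1025, 139) + bytes(16)),
        "udp_137": build_packet(UDP, struct.pack("!HHHH", 1025, 137, 8, 0)),
    }
    return {name: (protocol_allow_list(p), drop_echo_only(p))
            for name, p in samples.items()}

if __name__ == "__main__":
    for name, result in verdicts().items():
        print(f"{name:14} protocol-list={result[0]!s:5} echo-only={result[1]}")
```

The protocol-level list blocks redirect and source quench along with ping, while the type-aware rule blocks only the echo request.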
 
LVL 2

Author Comment

by:gikam
ok all
As I see, I cannot disable the "PING reply" only, from the server.
If this is right, I'd like to share the points to both of you if possible, else u choose
thanx
0
 
LVL 12

Expert Comment

by:Nenadic
I'm happy for arminl to take the points. His was the solution, mine was just a warning. :-)
0
 
LVL 4

Accepted Solution

by:
arminl earned 20 total points
Thnx nenadic, but probably gikam changes his mind when reading this:

I was curious, and set up two new clients as follows:

Plain vanilla NT, only gimmick is the VNC remote control software. Applied SP6. No other drivers or any stuff.

* Set the IP filter to allow protocols 6 (TCP) and 17 (UDP) only. Rebooted. Result: no reaction. Could happily ping, mount drives, and connect to the VNC server. Oops.

* Set the IP filter to allow protocol 1 (ICMP) only. Rebooted. Result: no reaction. Could happily ping, mount drives, and connect to the VNC server. Oops again.

Then I left the useless IP filter alone, and played with UDP and TCP filters. Allowed for TCP port 139, and UDP 137 and 138. Result: like expected. Could mount drives and log in, but not use the VNC server. Then I swapped the setup: allowed for TCP port 5900 (the VNC server port), and deleted 137, 138 and 139. Result: like desired. Could not use any MS networking features any more, but could use the VNC server.

Behaviour persisted, no matter what I ever put into the IP filter. Just to make sure I also tried NT Workstation vs. NT server, 1 or two NICs, and Service Pack 1, 5 and 6. All have the same problem.

Conclusion: Microsoft has not implemented the feature to filter at the IP level, or there is another bug that neither got fixed nor documented. So implementing my suggestion would have failed because of a bug or an "implementation vs. documentation conflict". The TCP and UDP filters however work nicely.

(And just to make sure I haven't done anything wrong, I'll post this whole thing as a question titled "NT 4.0 IP packet filtering bug !?")

Armin

0
 
LVL 2

Author Comment

by:gikam
thanx all
ok, let's PING on...
0
