?
Solved

Is there a way to stop a computer from responding to a ping?

Posted on 2003-03-30
17
Medium Priority
?
188 Views
Last Modified: 2013-12-04
My students are attacking me and each other on our network(22 stations) which is a mix of Win 98, Win 2000 & Win XP by running multiple ping commands.  Is there a way to ignore the ping and or a way the identify the sender.  Netstat hasn't been much help.  I don't wamt to use a firewall ie Zone Alarm if possible.
0
Comment
Question by:joanides
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +4
17 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8235711
Why don't you want to use a firewall?
0
 

Author Comment

by:joanides
ID: 8235923
Adding the free version of Zone Alarm seems to work but I don't know how it will affect some of the training software we use on the network.  As a general rule I try to avoid having too many programs running in the background.  I can remove the ping command from the stations but it can be reloaded.  I've used a batch file in autoexec.bat to delete the ping command on boot up. It sure would be nice if I could disable the port which ping is addressing.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8238557
You could use poledit.exe on the 98 workstations and disable the command prompt, they would nnot have access to the ping command.  For the Win2k and XP clients you will have to either create a Group Policy or a local Security policy.  Here you cannot only disable the command prompt, but you can specifically deny them access to the ping command.
0
Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

 
LVL 12

Expert Comment

by:trywaredk
ID: 8247600
MSGEEK... "on the 98 workstations and disable the command prompt, they would not have access to the ping command".

They can make a batch-job, and run it from explorer or Start / Run.

;o) Yes I know, I don't have the solution. Just telling you about it.

Many Regards

Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8247658
Policies are not as robust in 98, that is for sure.  There are ways around alot of the policies available, but MS is getting better.
0
 

Author Comment

by:joanides
ID: 8250373
Thank you for your ideas, but my students have administrator rights to their computers.  I don't want to take that away since they have to constantly make changes to their configuration as they prepare for the A+ certification exam.  I guess there is no way to stop a computer from responding to a ping attack w/o a firewall of some type.  They can crack passwords very easily as you know with software available.  
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8252976
"I guess there is no way to stop a computer from responding to a ping attack w/o a firewall of some type"

You can block those packets with hardware.  Turn IGRP off when they don't need it for testing, turn it pack on when they do.

You can change the primary local admin passwords with utilities from the resource kit faster than they can crack them.  I would also think if they really enjoy what they are doing they don't want to fail.
0
 
LVL 3

Expert Comment

by:ewall
ID: 8265236
If it's only ping (i.e. "ICMP ECHO Request") that you're worried about, then burried in the Registry somewhere is a majic key to turn ICMP replies off, at least in NT-based systems. Sadly, I can't seem to find it in the MSKB right now, and I don't know if I ever documented it for myself when I last found it...

Also, if your station is using WinXP, you already have a simple firewall called "Internet Connection Firewall", which makes it easy to have the OS drop incoming ICMP packets.

~ewall
0
 

Author Comment

by:joanides
ID: 8266210
My station is using Windows 2000.  I will try out your ideas over the weekend when my lab is empty.  Thank you for not giving up on me.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8266574
I like ewall's idea and have been searching for that myself.
0
 

Expert Comment

by:cyberkegler
ID: 8270211
Ewall's idea will work and its too bad that you guys don't know where to turn the ICMP replies off.  If I wasn't in the class, i might accually tell you were in the registry it's located..  Mr. j, you'll figure it out, i might show you sometime.  If i was u, i would use a firewall.
0
 
LVL 3

Expert Comment

by:ewall
ID: 8270796
Cyberkegler, I was ROFL reading your post!

Anyway, I never did find that stupid Registry entry (grr!), but I think I found something useful for you, joanides: Win2k has "TCP/IP filtering" available for all NICs...

To configure:
- In Control Panel, double-click Network and Dial-up Connections select Local Area Connection, and then right-click Properties.
- On the General tab, click Internet Protocol (TCP/IP) in the list of components, and then click Properties.
- Click Advanced.
- Click the Options tab, TCP/IP filtering, and then Properties.

You want to block incoming requests on port 7 for ICMP, TCP & UDP.

~ewall
0
 
LVL 4

Expert Comment

by:Frog357
ID: 8276202
http://www.tacteam.net/isaserverorg/poordmz.htm
Read # 10, says can not block ICMP.

Try this page, it might be more help.
http://homepages.wmich.edu/~mchugha/w2kfirewall.htm
0
 
LVL 4

Accepted Solution

by:
Frog357 earned 500 total points
ID: 8276227
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 8276473
IOANIDES... "but my students have administrator rights to their computers"

Forget all about stopping your students from anything. Being member of local admin group means what it says. They can do anything what they like. If you try to stop them, they can disable what you did.

If they have to be member of local admin group, my advice is to make a student-domain without any trusts anywhere else on your network, and let your students attack themselfes, and noone else.

There's another issue about being member of local admin group, you have to consider:

PLEASE READ THIS CAREFULLY:

You must NEVER NEVER add a Domain User Group to the Local Admin Group on each workstation.

And You must NEVER add the same Domain User to the Local Admin Group on more than his/hers own workstation

If You add a Domain User Group to the Local Admin Group, every member of this Domain User Group gets unlimited REMOTE access power of every workstation on Your network.

The unlimited REMOTE access involves:
1. Explorer: \\ComputerName\C$
2. Registry
3. Computer Management (Control Panel)


IF YOU WANT TO KNOW MORE ABOUT THIS ISSUE:
http://www.experts-exchange.com/Security/Win_Security/Q_20506528.html
http://www.tryware.dk/English/W2kLocalGroupPolicy/TotalAdminPower.html
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/evaluate/featfunc/07w2kadc.asp
http://support.microsoft.com/?kbid=182734



IF YOU WANT TO TEST IT:
You have to grant a Domain User Group to the Local Admin Group on BOTH test-workstations, AND logout and logon again.

Important: You have to make a new logon after creating the credentials, because they are given in W2k in the second where You press ENTER to password when logging on.

Please reply, when You have removed the Domain User Group from the Local Admin Group again!


Many Regards

Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:joanides
ID: 8279043
I am indebted to you all: trywared, ewall & msgeek.  You have added to my knowledge.  Frog357 has found the simplest solution to my problem and before I close it out I wanted to thank you again.  I do have one more question I'll be posting if you are game.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8280506
Post away, we are always game at EE!  Points are like chocolate!  MSGeek.
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
OfficeMate Freezes on login or does not load after login credentials are input.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses
Course of the Month13 days, 10 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question