Solved

How to block Icmp with Black Ice Server

Posted on 2003-10-22
7
2,192 Views
Last Modified: 2008-03-04
Hi,

It's possible to block ICMP traffic in Black Ice Server?
We do not have an ICMP filters on configuration...only TCP and UDP...any secret?


tks,
0
Comment
Question by:ipsystems
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9604663
Im not sure about Black Ice but you can use IPSECPOL to block ICMP trafic.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 9608896
I believe that the top dogs, especially BlackIce will block it by default. If not, they have two opitions, and may use a different language.  Look for operating in 'stealth" mode. That means not responding to any such thing as icmp, thus becoming trasparent to those trying to come up with lists of servers to crack.
0
 
LVL 3

Accepted Solution

by:
FlamingSword earned 125 total points
ID: 9608950
"It's possible to block ICMP traffic in Black Ice Server?"

Answer: Yes

"We do not have an ICMP filters on configuration...only TCP and UDP...any secret?"

Answer: Yes

I stand corrected in my prior comment. The following is a direct quote from the manufacturer (I'll assume you can handle the PDF, it is a tradition):

===============================================================

Answer
  By default, BlackICE does not block ICMP traffic. But, certain statements can be manually added to the firewall.ini file to block certain types of ICMP messages. For more information, please refer to the BlackICE Advanced Administration Guide, version 2.9/3.0, Section 3 - BlackICE Configuration. The information regarding ICMP entries can be found in the FIREWALL.INI Specificateion of Section 3.

The BlackICE Advanced Administration Guide may be downloaded from this link:

http://documents.iss.net/literature/BlackICE/BI-AAG.pdf 
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 3

Expert Comment

by:FlamingSword
ID: 9609215
Another:

This article explains how to block Pings (ICMP).

This information applies to:
BlackICE PC Protection and BlackICE Server Protection version 2.9 and higher. (Formerly BlackICE Defender for Workstation and BlackICE Defender for Server)
Answer
  By default, the software does not block pings. However, you can edit the firewall.ini file to tell BlackICE to block pings. REJECT statements must be manually added to the [MANUAL ICMP....] section of the firewall.ini. If this is a new installation, the file will be located at C:/Program Files/ISS/BlackICE. If you have an older version of BlackICE that has been updated, the path will be: C:/Program Files/NetworkICE/BlackICE

This statement will block all ICMP Echo traffic for all IP addresses.
REJECT, 8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

This statement will allow ICMP Echo traffic from 10.10.0.29
ACCEPT, 10.10.0.29:8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

This statement blocks ICMP Echo traffic from the specified IP address range (10.10.0.30 - 10.10.0.142).
REJECT, 10.10.0.30 - 10.10.0.142:8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

These statements block ICMP Timestamp and ICMP Address Mask requests respectively.

REJECT, 13:0, ICMP TIMESTAMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
REJECT, 17:0, ICMP MASKREQ, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

For more information on ICMP message types and codes, please refer to:

http://www.spirit.com/Resources/icmp.html.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 9609237
Thanks
0
 

Author Comment

by:ipsystems
ID: 9609302
Hey FlamingSword

Thanks very much for your answer.... your answer is Perfect!

0
 

Author Comment

by:ipsystems
ID: 9711985
Hi Flamming,

The rule works perfect...but, Is it possible to Auto-Block all ip's trying to ICMP my server?

The blackice block only some types of attack, it's possible to add other types to auto block?
0

Featured Post

Register Today - IoT Current and Future Threats

Are you prepared to protect your organization from current and future IoT Threats?  Join our Wi-Fi expert in episode three of our webinar series for a look at the current state of Wi-Fi IoT and what may lie ahead. Register for our live webinar on April 20th at 9 am PDT!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question