How to block ICMP with Black Ice Server

Hi,

Is it possible to block ICMP traffic in Black Ice Server?
We do not have any ICMP filters in the configuration...only TCP and UDP...any secret?


tks,
ipsystems Asked:

juliancrawford Commented:
I'm not sure about Black Ice, but you can use IPSECPOL to block ICMP traffic.
0
FlamingSword Commented:
I believe that the top dogs, especially BlackIce, will block it by default. If not, they have two options, and may use a different language. Look for operating in "stealth" mode. That means not responding to any such thing as ICMP, thus becoming transparent to those trying to come up with lists of servers to crack.
0
FlamingSword Commented:
"Is it possible to block ICMP traffic in Black Ice Server?"

Answer: Yes

"We do not have any ICMP filters in the configuration...only TCP and UDP...any secret?"

Answer: Yes

I stand corrected in my prior comment. The following is a direct quote from the manufacturer (I'll assume you can handle the PDF, it is a tradition):

===============================================================

Answer
  By default, BlackICE does not block ICMP traffic. But certain statements can be manually added to the firewall.ini file to block certain types of ICMP messages. For more information, please refer to the BlackICE Advanced Administration Guide, version 2.9/3.0, Section 3 - BlackICE Configuration. The information regarding ICMP entries can be found in the FIREWALL.INI Specification of Section 3.

The BlackICE Advanced Administration Guide may be downloaded from this link:

http://documents.iss.net/literature/BlackICE/BI-AAG.pdf 
0

FlamingSword Commented:
Another:

This article explains how to block Pings (ICMP).

This information applies to:
BlackICE PC Protection and BlackICE Server Protection version 2.9 and higher. (Formerly BlackICE Defender for Workstation and BlackICE Defender for Server)
Answer
  By default, the software does not block pings. However, you can edit the firewall.ini file to tell BlackICE to block pings. REJECT statements must be manually added to the [MANUAL ICMP....] section of the firewall.ini. If this is a new installation, the file will be located at C:/Program Files/ISS/BlackICE. If you have an older version of BlackICE that has been updated, the path will be: C:/Program Files/NetworkICE/BlackICE

This statement will block all ICMP Echo traffic for all IP addresses.
REJECT, 8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

This statement will allow ICMP Echo traffic from 10.10.0.29
ACCEPT, 10.10.0.29:8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

This statement blocks ICMP Echo traffic from the specified IP address range (10.10.0.30 - 10.10.0.142).
REJECT, 10.10.0.30 - 10.10.0.142:8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

These statements block ICMP Timestamp and ICMP Address Mask requests respectively.

REJECT, 13:0, ICMP TIMESTAMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
REJECT, 17:0, ICMP MASKREQ, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

For more information on ICMP message types and codes, please refer to:

http://www.spirit.com/Resources/icmp.html.
0
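A pre-deployment check for the statements quoted in the answer above, as an added example (not code from the thread or from ISS). The field layout is inferred only from the sample lines on this page, and the parser says nothing about the order in which BlackICE applies ACCEPT and REJECT statements.

```python
import ipaddress
import re
from dataclasses import dataclass

# Field layout inferred from the sample statements on this page, not from the
# vendor's FIREWALL.INI specification: ACTION, [ip | ip - ip:]type:code, NAME, ...
SELECTOR = re.compile(
    r"^(?:(?P<lo>[\d.]+)(?:\s*-\s*(?P<hi>[\d.]+))?:)?(?P<type>\d+):(?P<code>\d+)$")

@dataclass
class IcmpRule:
    action: str        # ACCEPT or REJECT
    lo: object         # first source address, or None for every address
    hi: object         # last source address (equals lo for a single host)
    icmp_type: int
    icmp_code: int

    def covers(self, src, icmp_type, icmp_code=0):  # does the selector match this packet?
        if (icmp_type, icmp_code) != (self.icmp_type, self.icmp_code):
            return False
        return self.lo is None or self.lo <= ipaddress.IPv4Address(src) <= self.hi

def parse_rule(line):
    fields = [f.strip() for f in line.split(",")]
    if len(fields) != 7:
        raise ValueError(f"expected 7 comma-separated fields, got {len(fields)}")
    if fields[0] not in ("ACCEPT", "REJECT"):
        raise ValueError(f"unknown action {fields[0]!r}")
    m = SELECTOR.match(fields[1])
    if not m:
        raise ValueError(f"bad selector {fields[1]!r}")
    lo = ipaddress.IPv4Address(m["lo"]) if m["lo"] else None
    hi = ipaddress.IPv4Address(m["hi"]) if m["hi"] else lo
    if lo is not None and hi < lo:
        raise ValueError("address range is reversed")
    icmp_type, icmp_code = int(m["type"]), int(m["code"])
    if icmp_type > 255 or icmp_code > 255:
        raise ValueError("ICMP type and code are one byte each")
    return IcmpRule(fields[0], lo, hi, icmp_type, icmp_code)

# The first three statements are quoted from this page; the last is constructed (reversed range).
SAMPLE = [
    "REJECT, 8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL",
    "ACCEPT, 10.10.0.29:8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL",
    "REJECT, 10.10.0.30 - 10.10.0.142:8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL",
    "REJECT, 10.10.0.142 - 10.10.0.30:8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL",
]
for line in SAMPLE[:3]:
    print(parse_rule(line))
```

Running each line of a copy of firewall.ini's ICMP section through `parse_rule` before restarting the service catches a mistyped range or a missing field while the old rules are still in effect.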
FlamingSword Commented:
Thanks
0
ipsystems Author Commented:
Hey FlamingSword

Thanks very much for your answer.... your answer is perfect!

0
ipsystems Author Commented:
Hi Flamming,

The rule works perfectly...but is it possible to auto-block all IPs trying to ICMP my server?

BlackICE blocks only some types of attack; is it possible to add other types to auto-block?
0