How to block Icmp with Black Ice Server

Hi,

It's possible to block ICMP traffic in Black Ice Server?
We do not have an ICMP filters on configuration...only TCP and UDP...any secret?


tks,
ipsystemsAsked:
Who is Participating?
 
FlamingSwordConnect With a Mentor Commented:
"It's possible to block ICMP traffic in Black Ice Server?"

Answer: Yes

"We do not have an ICMP filters on configuration...only TCP and UDP...any secret?"

Answer: Yes

I stand corrected in my prior comment. The following is a direct quote from the manufacturer (I'll assume you can handle the PDF, it is a tradition):

===============================================================

Answer
  By default, BlackICE does not block ICMP traffic. But, certain statements can be manually added to the firewall.ini file to block certain types of ICMP messages. For more information, please refer to the BlackICE Advanced Administration Guide, version 2.9/3.0, Section 3 - BlackICE Configuration. The information regarding ICMP entries can be found in the FIREWALL.INI Specificateion of Section 3.

The BlackICE Advanced Administration Guide may be downloaded from this link:

http://documents.iss.net/literature/BlackICE/BI-AAG.pdf 
0
 
juliancrawfordCommented:
Im not sure about Black Ice but you can use IPSECPOL to block ICMP trafic.
0
 
FlamingSwordCommented:
I believe that the top dogs, especially BlackIce will block it by default. If not, they have two opitions, and may use a different language.  Look for operating in 'stealth" mode. That means not responding to any such thing as icmp, thus becoming trasparent to those trying to come up with lists of servers to crack.
0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

 
FlamingSwordCommented:
Another:

This article explains how to block Pings (ICMP).

This information applies to:
BlackICE PC Protection and BlackICE Server Protection version 2.9 and higher. (Formerly BlackICE Defender for Workstation and BlackICE Defender for Server)
Answer
  By default, the software does not block pings. However, you can edit the firewall.ini file to tell BlackICE to block pings. REJECT statements must be manually added to the [MANUAL ICMP....] section of the firewall.ini. If this is a new installation, the file will be located at C:/Program Files/ISS/BlackICE. If you have an older version of BlackICE that has been updated, the path will be: C:/Program Files/NetworkICE/BlackICE

This statement will block all ICMP Echo traffic for all IP addresses.
REJECT, 8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

This statement will allow ICMP Echo traffic from 10.10.0.29
ACCEPT, 10.10.0.29:8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

This statement blocks ICMP Echo traffic from the specified IP address range (10.10.0.30 - 10.10.0.142).
REJECT, 10.10.0.30 - 10.10.0.142:8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

These statements block ICMP Timestamp and ICMP Address Mask requests respectively.

REJECT, 13:0, ICMP TIMESTAMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
REJECT, 17:0, ICMP MASKREQ, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

For more information on ICMP message types and codes, please refer to:

http://www.spirit.com/Resources/icmp.html.
0
 
FlamingSwordCommented:
Thanks
0
 
ipsystemsAuthor Commented:
Hey FlamingSword

Thanks very much for your answer.... your answer is Perfect!

0
 
ipsystemsAuthor Commented:
Hi Flamming,

The rule works perfect...but, Is it possible to Auto-Block all ip's trying to ICMP my server?

The blackice block only some types of attack, it's possible to add other types to auto block?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.