Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to block Icmp with Black Ice Server

Posted on 2003-10-22
7
Medium Priority
?
2,196 Views
Last Modified: 2008-03-04
Hi,

It's possible to block ICMP traffic in Black Ice Server?
We do not have an ICMP filters on configuration...only TCP and UDP...any secret?


tks,
0
Comment
Question by:ipsystems
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9604663
Im not sure about Black Ice but you can use IPSECPOL to block ICMP trafic.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 9608896
I believe that the top dogs, especially BlackIce will block it by default. If not, they have two opitions, and may use a different language.  Look for operating in 'stealth" mode. That means not responding to any such thing as icmp, thus becoming trasparent to those trying to come up with lists of servers to crack.
0
 
LVL 3

Accepted Solution

by:
FlamingSword earned 500 total points
ID: 9608950
"It's possible to block ICMP traffic in Black Ice Server?"

Answer: Yes

"We do not have an ICMP filters on configuration...only TCP and UDP...any secret?"

Answer: Yes

I stand corrected in my prior comment. The following is a direct quote from the manufacturer (I'll assume you can handle the PDF, it is a tradition):

===============================================================

Answer
  By default, BlackICE does not block ICMP traffic. But, certain statements can be manually added to the firewall.ini file to block certain types of ICMP messages. For more information, please refer to the BlackICE Advanced Administration Guide, version 2.9/3.0, Section 3 - BlackICE Configuration. The information regarding ICMP entries can be found in the FIREWALL.INI Specificateion of Section 3.

The BlackICE Advanced Administration Guide may be downloaded from this link:

http://documents.iss.net/literature/BlackICE/BI-AAG.pdf 
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 3

Expert Comment

by:FlamingSword
ID: 9609215
Another:

This article explains how to block Pings (ICMP).

This information applies to:
BlackICE PC Protection and BlackICE Server Protection version 2.9 and higher. (Formerly BlackICE Defender for Workstation and BlackICE Defender for Server)
Answer
  By default, the software does not block pings. However, you can edit the firewall.ini file to tell BlackICE to block pings. REJECT statements must be manually added to the [MANUAL ICMP....] section of the firewall.ini. If this is a new installation, the file will be located at C:/Program Files/ISS/BlackICE. If you have an older version of BlackICE that has been updated, the path will be: C:/Program Files/NetworkICE/BlackICE

This statement will block all ICMP Echo traffic for all IP addresses.
REJECT, 8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

This statement will allow ICMP Echo traffic from 10.10.0.29
ACCEPT, 10.10.0.29:8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

This statement blocks ICMP Echo traffic from the specified IP address range (10.10.0.30 - 10.10.0.142).
REJECT, 10.10.0.30 - 10.10.0.142:8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

These statements block ICMP Timestamp and ICMP Address Mask requests respectively.

REJECT, 13:0, ICMP TIMESTAMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
REJECT, 17:0, ICMP MASKREQ, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

For more information on ICMP message types and codes, please refer to:

http://www.spirit.com/Resources/icmp.html.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 9609237
Thanks
0
 

Author Comment

by:ipsystems
ID: 9609302
Hey FlamingSword

Thanks very much for your answer.... your answer is Perfect!

0
 

Author Comment

by:ipsystems
ID: 9711985
Hi Flamming,

The rule works perfect...but, Is it possible to Auto-Block all ip's trying to ICMP my server?

The blackice block only some types of attack, it's possible to add other types to auto block?
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A look at what happened in the Verizon cloud breach.
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question