Solved

How to block Icmp with Black Ice Server

Posted on 2003-10-22
7
2,193 Views
Last Modified: 2008-03-04
Hi,

It's possible to block ICMP traffic in Black Ice Server?
We do not have an ICMP filters on configuration...only TCP and UDP...any secret?


tks,
0
Comment
Question by:ipsystems
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9604663
Im not sure about Black Ice but you can use IPSECPOL to block ICMP trafic.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 9608896
I believe that the top dogs, especially BlackIce will block it by default. If not, they have two opitions, and may use a different language.  Look for operating in 'stealth" mode. That means not responding to any such thing as icmp, thus becoming trasparent to those trying to come up with lists of servers to crack.
0
 
LVL 3

Accepted Solution

by:
FlamingSword earned 125 total points
ID: 9608950
"It's possible to block ICMP traffic in Black Ice Server?"

Answer: Yes

"We do not have an ICMP filters on configuration...only TCP and UDP...any secret?"

Answer: Yes

I stand corrected in my prior comment. The following is a direct quote from the manufacturer (I'll assume you can handle the PDF, it is a tradition):

===============================================================

Answer
  By default, BlackICE does not block ICMP traffic. But, certain statements can be manually added to the firewall.ini file to block certain types of ICMP messages. For more information, please refer to the BlackICE Advanced Administration Guide, version 2.9/3.0, Section 3 - BlackICE Configuration. The information regarding ICMP entries can be found in the FIREWALL.INI Specificateion of Section 3.

The BlackICE Advanced Administration Guide may be downloaded from this link:

http://documents.iss.net/literature/BlackICE/BI-AAG.pdf 
0
Webinar June 1st - Attacking Ransomware  

The global cyberattack that corrupted hundreds of thousands of computer systems on May 12th had a face, name, & price tag that we’ve seen all too often in recent years: Ransomware. With the stakes – and costs – of a ransomware attack higher than ever, is your business prepared ?

 
LVL 3

Expert Comment

by:FlamingSword
ID: 9609215
Another:

This article explains how to block Pings (ICMP).

This information applies to:
BlackICE PC Protection and BlackICE Server Protection version 2.9 and higher. (Formerly BlackICE Defender for Workstation and BlackICE Defender for Server)
Answer
  By default, the software does not block pings. However, you can edit the firewall.ini file to tell BlackICE to block pings. REJECT statements must be manually added to the [MANUAL ICMP....] section of the firewall.ini. If this is a new installation, the file will be located at C:/Program Files/ISS/BlackICE. If you have an older version of BlackICE that has been updated, the path will be: C:/Program Files/NetworkICE/BlackICE

This statement will block all ICMP Echo traffic for all IP addresses.
REJECT, 8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

This statement will allow ICMP Echo traffic from 10.10.0.29
ACCEPT, 10.10.0.29:8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

This statement blocks ICMP Echo traffic from the specified IP address range (10.10.0.30 - 10.10.0.142).
REJECT, 10.10.0.30 - 10.10.0.142:8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

These statements block ICMP Timestamp and ICMP Address Mask requests respectively.

REJECT, 13:0, ICMP TIMESTAMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
REJECT, 17:0, ICMP MASKREQ, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL

For more information on ICMP message types and codes, please refer to:

http://www.spirit.com/Resources/icmp.html.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 9609237
Thanks
0
 

Author Comment

by:ipsystems
ID: 9609302
Hey FlamingSword

Thanks very much for your answer.... your answer is Perfect!

0
 

Author Comment

by:ipsystems
ID: 9711985
Hi Flamming,

The rule works perfect...but, Is it possible to Auto-Block all ip's trying to ICMP my server?

The blackice block only some types of attack, it's possible to add other types to auto block?
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
TLS 1.0 & Windows 7 - How to disable? 16 247
Behavior-based and anomalies detection for Symantec 2 45
wifi security 11 46
Developers / Staff Setup 10 48
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question