?
Solved

Using a software firewall, how does on create a rule whic denies all icmp echo requests?

Posted on 2005-02-25
16
Medium Priority
?
254 Views
Last Modified: 2013-11-16
Want to block / deny at the internet layer through a software firewall icmp echo requests from comming into my system and out?

Can you recommend the way to write this rule?

Thanks!
0
Comment
Question by:LorneBackler
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 8
16 Comments
 
LVL 27

Expert Comment

by:Asta Cu
ID: 13404811
What is your Operating System and version or Server type and version as well as what Firewalls and versions installed?
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 13404849
Depending on your Firewall type and setting, you can block ping ICMP echo, some info. below.
http://support.microsoft.com/default.aspx?scid=kb;en-us;298100

The settings for ICF in Windows XP with SP1 and Windows XP with no service packs installed consist of a single checkbox (the Protect my computer and network by limiting or preventing access to this computer from the Internet check box on the Advanced tab of the properties of a connection) and a Settings button from which you can configure excepted traffic, logging settings, and allowed ICMP traffic.
more here....
http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

Internet Control Message Protocol (ICMP)
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_tcpip_und_icmp.mspx
0
 

Author Comment

by:LorneBackler
ID: 13404876
Would this work either in
Kerio personal firewall
or pc-cillin
or windows personal firewall
or McAfee?
Connection = Incoming
Action = Deny
Protocol = ICMP
IP Setting = Type = All IP addresses?

Would this block ICMP internet echo requests ?
0
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

 

Author Comment

by:LorneBackler
ID: 13404886
The one I am asking about right now is pc-cillin
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 13405097
Don't think so, and don't use or know much about Pc-cillin .... others may have insight I don't (I hope)...  Please advise more about your Operating System and version and/or Server type and version, since much is dictacted by the environment.
Some insight, maybe.
http://search.microsoft.com/search/results.aspx?st=b&na=88&View=en-us&qu=icmp+traffic
0
 

Author Comment

by:LorneBackler
ID: 13405118
Yes or no to my second to last comment?
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 13405264
denying everything? Your denying any inbound traffic so if they have any internal WWW or FTP servers nobody would be able to get to them... here:
http://www.experts-exchange.com/Hardware/Routers/Q_20697330.html?query=deny+all+incoming+icmp&clearTAFilter=true

I don't mean to be unresponsive, but there's a downside to blocking all incoming ICMP as noted above.

Back to work, sent this link to another Expert in the hopes they can help; I'm swamped.

Asta
0
 

Author Comment

by:LorneBackler
ID: 13405407
Thanks for the help.
I am on an Xp computer for this question
This question started off as just personal computers with software firewalls on them.
modem to router to station
No server requirements no ftp or no IIS hosting web sites on this computer.

Another reason for asking this question since I like where this is going with you and I would like to investigate your sites and points which you are making is....

I also would need to know how to block icmp echo requests at the firewall/peripheral layer of a work network.
Cisco 515e would be the firewall and the rules would have to block icmp at the firewall level not letting these types of requests into the network.
I was reading a book on how to hack in order to do inhouse security testing. This book suggests if you turn off icmp echo requests at the border of a network you can save yourself a lot of headaches! It furthure goes on to suggest that many ping flooding attacks and some DoS attackes or smurf Attacks being one of them etc..... can be avoided if this rule is configured properly.
The servers are windows 2003 servers.

If any of this information makes sense and can be useful in finding out the answer then I look forward to future communication with you or your security colleague.

Thanks thus far.

Lorne  
0
 

Author Comment

by:LorneBackler
ID: 13405417
also for this computer it is ok to deny all icmp traffic in.
0
 

Author Comment

by:LorneBackler
ID: 13405490
It seems even if I leave this rule in the software firewall, from time to time I still see some people being able to get through the rule even though you said I was denying all "Your denying any inbound traffic ".

I see ICMP Echo Request under the attack type. if the individual is sucessful.
If the individual is not successful then I see destination unrechable.

What do you make of that?
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 13405550
Thanks for the added detail, will help us all help you more expeditiously....
Windows XP and the Windows Server 2003 family provide a set of predefined IPSec filter lists and filter actions and default policies.... may get things going.
Predefined filter lists - The following predefined filter lists are provided as examples for use in the default policies:
All ICMP Traffic  - A filter list for all ICMP traffic (IP protocol 1) sent and received between this computer and all other computers.
More here....  http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_IPSECdfltpols.asp

FIX: ICMP traffic is not blocked during startup period with ISA Server (was just updated)
http://support.microsoft.com/default.aspx?scid=kb;en-us;833009

Off to a meeting, but hope the other Experts will step in as well with more specifics soon.

Asta
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 13405621
Meant to include this, sorry, hit submit too soon...
Affected Software includes ... • Windows SharePoint Services for Windows Server 2003 – Download the update (KB887981)
http://www.microsoft.com/technet/security/bulletin/MS05-006.mspx
Make your Microsoft Exchange Server 2003 system more secure and help protect your messages and data using the resources on this page.
http://www.microsoft.com/technet/prodtechnol/exchange/2003/security.mspx
http://www.microsoft.com/windowsserver2003/security/default.mspx
0
 

Author Comment

by:LorneBackler
ID: 13439981
thanks
0
 

Author Comment

by:LorneBackler
ID: 13440079
Starting to read the material. YOU GUYS ROCK!!!!

We are not running ISA. as mentioned it is a cisco 515e. Thanks!
0
 
LVL 27

Accepted Solution

by:
Asta Cu earned 1000 total points
ID: 13471439
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question