[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Using a software firewall, how does on create a rule whic denies all icmp echo requests?

Posted on 2005-02-25
16
Medium Priority
?
260 Views
Last Modified: 2013-11-16
Want to block / deny at the internet layer through a software firewall icmp echo requests from comming into my system and out?

Can you recommend the way to write this rule?

Thanks!
0
Comment
Question by:LorneBackler
  • 8
  • 8
16 Comments
 
LVL 27

Expert Comment

by:Asta Cu
ID: 13404811
What is your Operating System and version or Server type and version as well as what Firewalls and versions installed?
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 13404849
Depending on your Firewall type and setting, you can block ping ICMP echo, some info. below.
http://support.microsoft.com/default.aspx?scid=kb;en-us;298100

The settings for ICF in Windows XP with SP1 and Windows XP with no service packs installed consist of a single checkbox (the Protect my computer and network by limiting or preventing access to this computer from the Internet check box on the Advanced tab of the properties of a connection) and a Settings button from which you can configure excepted traffic, logging settings, and allowed ICMP traffic.
more here....
http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

Internet Control Message Protocol (ICMP)
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_tcpip_und_icmp.mspx
0
 

Author Comment

by:LorneBackler
ID: 13404876
Would this work either in
Kerio personal firewall
or pc-cillin
or windows personal firewall
or McAfee?
Connection = Incoming
Action = Deny
Protocol = ICMP
IP Setting = Type = All IP addresses?

Would this block ICMP internet echo requests ?
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 

Author Comment

by:LorneBackler
ID: 13404886
The one I am asking about right now is pc-cillin
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 13405097
Don't think so, and don't use or know much about Pc-cillin .... others may have insight I don't (I hope)...  Please advise more about your Operating System and version and/or Server type and version, since much is dictacted by the environment.
Some insight, maybe.
http://search.microsoft.com/search/results.aspx?st=b&na=88&View=en-us&qu=icmp+traffic
0
 

Author Comment

by:LorneBackler
ID: 13405118
Yes or no to my second to last comment?
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 13405264
denying everything? Your denying any inbound traffic so if they have any internal WWW or FTP servers nobody would be able to get to them... here:
http://www.experts-exchange.com/Hardware/Routers/Q_20697330.html?query=deny+all+incoming+icmp&clearTAFilter=true

I don't mean to be unresponsive, but there's a downside to blocking all incoming ICMP as noted above.

Back to work, sent this link to another Expert in the hopes they can help; I'm swamped.

Asta
0
 

Author Comment

by:LorneBackler
ID: 13405407
Thanks for the help.
I am on an Xp computer for this question
This question started off as just personal computers with software firewalls on them.
modem to router to station
No server requirements no ftp or no IIS hosting web sites on this computer.

Another reason for asking this question since I like where this is going with you and I would like to investigate your sites and points which you are making is....

I also would need to know how to block icmp echo requests at the firewall/peripheral layer of a work network.
Cisco 515e would be the firewall and the rules would have to block icmp at the firewall level not letting these types of requests into the network.
I was reading a book on how to hack in order to do inhouse security testing. This book suggests if you turn off icmp echo requests at the border of a network you can save yourself a lot of headaches! It furthure goes on to suggest that many ping flooding attacks and some DoS attackes or smurf Attacks being one of them etc..... can be avoided if this rule is configured properly.
The servers are windows 2003 servers.

If any of this information makes sense and can be useful in finding out the answer then I look forward to future communication with you or your security colleague.

Thanks thus far.

Lorne  
0
 

Author Comment

by:LorneBackler
ID: 13405417
also for this computer it is ok to deny all icmp traffic in.
0
 

Author Comment

by:LorneBackler
ID: 13405490
It seems even if I leave this rule in the software firewall, from time to time I still see some people being able to get through the rule even though you said I was denying all "Your denying any inbound traffic ".

I see ICMP Echo Request under the attack type. if the individual is sucessful.
If the individual is not successful then I see destination unrechable.

What do you make of that?
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 13405550
Thanks for the added detail, will help us all help you more expeditiously....
Windows XP and the Windows Server 2003 family provide a set of predefined IPSec filter lists and filter actions and default policies.... may get things going.
Predefined filter lists - The following predefined filter lists are provided as examples for use in the default policies:
All ICMP Traffic  - A filter list for all ICMP traffic (IP protocol 1) sent and received between this computer and all other computers.
More here....  http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_IPSECdfltpols.asp

FIX: ICMP traffic is not blocked during startup period with ISA Server (was just updated)
http://support.microsoft.com/default.aspx?scid=kb;en-us;833009

Off to a meeting, but hope the other Experts will step in as well with more specifics soon.

Asta
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 13405621
Meant to include this, sorry, hit submit too soon...
Affected Software includes ... • Windows SharePoint Services for Windows Server 2003 – Download the update (KB887981)
http://www.microsoft.com/technet/security/bulletin/MS05-006.mspx
Make your Microsoft Exchange Server 2003 system more secure and help protect your messages and data using the resources on this page.
http://www.microsoft.com/technet/prodtechnol/exchange/2003/security.mspx
http://www.microsoft.com/windowsserver2003/security/default.mspx
0
 

Author Comment

by:LorneBackler
ID: 13439981
thanks
0
 

Author Comment

by:LorneBackler
ID: 13440079
Starting to read the material. YOU GUYS ROCK!!!!

We are not running ISA. as mentioned it is a cisco 515e. Thanks!
0
 
LVL 27

Accepted Solution

by:
Asta Cu earned 1000 total points
ID: 13471439
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Hi, this video explains a free download that you can incorporate into your Access databases, or use stand-alone for contact management. Contacts -- Names, Addresses, Phone Numbers, eMail Addresses, Websites, Lists, Projects, Notes, Attachments…
Suggested Courses

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question