Preventing Ping Attacks in Win2000

  

How to Turn Off ICMP (Ping) in Win2000

The full name of ICMP is Internet Control Message Protocol: the protocol that carries control and error messages on the Internet. For example, the well-known Ping and Tracert tools both work with the ECHO request message of the ICMP protocol (request message ICMP ECHO, type 8 code 0; response message ICMP ECHOREPLY, type 0 code 0).
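As an added example (not part of the original article), the following Python builds and decodes the two messages just named, echo request (type 8, code 0) and echo reply (type 0, code 0), including the RFC 1071 checksum, so that a captured message can be classified and a corrupted one spotted. The identifier, sequence number and payload are constructed sample values.

```python
import struct

ICMP_ECHO = 8        # echo request: what Ping/Tracert send (type 8, code 0)
ICMP_ECHOREPLY = 0   # echo reply:   what the target answers (type 0, code 0)


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length messages
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo request/reply with a correct checksum (code is always 0)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(msg: bytes) -> dict:
    """Decode the 8-byte ICMP header, verify the checksum, classify the message."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP message")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    if icmp_type == ICMP_ECHO and code == 0:
        kind = "echo request"
    elif icmp_type == ICMP_ECHOREPLY and code == 0:
        kind = "echo reply"
    else:
        kind = "other"
    return {"type": icmp_type, "code": code, "kind": kind, "id": ident,
            "seq": seq, "payload_len": len(msg) - 8,
            # a message that already carries its checksum must sum to zero
            "checksum_ok": icmp_checksum(msg) == 0}


if __name__ == "__main__":
    # constructed sample: a ping request, its reply, and a corrupted copy
    req = build_echo(ICMP_ECHO, 0x1234, 1, b"abcdefgh")
    rep = build_echo(ICMP_ECHOREPLY, 0x1234, 1, b"abcdefgh")
    for m in (req, rep, req[:-1] + b"X"):
        print(parse_icmp(m))
```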

The ICMP protocol has one feature: it is connectionless. As long as the sender finishes encapsulating the ICMP message and hands it to a router, the message finds its way to the destination address on its own, like a postal parcel. This makes ICMP very flexible and fast, but it also brings a fatal flaw: it is easy to forge (the sender's address on the parcel can be written as anything), so anyone can fabricate an ICMP message and send it out. A forger can use SOCK_RAW programming to rewrite the ICMP header and IP header of the message directly. The source address such a message carries is forged and cannot be traced back from the destination, so the attacker has no fear of being caught. Based on this principle, plenty of ICMP-based attack software has appeared: some exploits flaws in the network architecture to create ICMP storms, some uses very large messages to choke the network, some uses ICMP fragmentation attacks to exhaust the server CPU, and ICMP can even be used as a communication channel for a Trojan that needs no TCP/UDP port at all (see "Uncovering the Mystery of the Trojan")... Since ICMP is this dangerous, why not just turn it off?

We all know that Win2000 has a TCP/IP filter in the network properties. Let's see whether the ICMP protocol can be turned off there. Right-click Network Neighborhood on the desktop -> Properties -> right-click the NIC you want to configure -> Properties -> TCP/IP -> Advanced -> Options -> TCP/IP Filtering. There are three filters: TCP Ports, UDP Ports and IP Protocols. First enable TCP/IP filtering, then configure them one by one. For TCP ports, click "Allow only" and add the ports you need to open below: in general a web server only needs 80 (WWW), an FTP server needs 20 (FTP Data) and 21 (FTP Control), a mail server may need 25 (SMTP) and 110 (POP3), and so on. Next comes UDP. UDP, like ICMP, is connectionless and easy to forge, so unless it is really needed (for example, to provide DNS service over UDP) you should choose not to allow it, to avoid flood or fragmentation attacks. The rightmost edit box defines IP protocol filtering. Here we choose to allow only the TCP protocol to pass and add a 6 (6 is the protocol number of TCP in the IP header, IPPROTO_TCP=6).

In theory, only TCP would now pass and neither UDP nor ICMP should get through. Unfortunately, the IP protocol filtering here refers to the IP protocol in the narrow sense. Although ICMP and IGMP are both auxiliary protocols of IP, in the seven-layer network model ICMP/IGMP sit at the same layer as IP itself. Therefore Microsoft's IP protocol filtering here does not cover the ICMP protocol. That is to say, even if you set "Only allow TCP protocol to pass", ICMP packets still pass normally. So if we want to filter the ICMP protocol, we have to find another way.

While we were doing the TCP/IP filtering, there was another option right next to it: IP Security. That is where our plan for filtering ICMP lies.

Open Local Security Policy and select IP Security Policies. Here we can define our own IP security policy.

An IP security filter consists of two parts: a filter list (the filtering policy) and a filter action (the filtering operation). The filter list decides which packets the filter should pay attention to; the filter action decides whether those packets are "permitted" or "blocked". To create a new IP security filter, you must create your own filter list and filter action: right-click the IP security policy of the local machine, select Manage IP Filter, and in the IP filter list add a new filter named ICMP_ANY_IN with source address "Any IP address", destination address "My IP address", and protocol type ICMP. Then switch to managing filter actions and add an action named Deny with the action type "Block". In this way we have a filter list that matches every incoming ICMP packet and an action that discards all of them. Note that there is a "Mirrored" option in the address settings. If mirroring is selected, a symmetric filter is established, that is, when you are concerned about any IP->my IP
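As an added example (not from the original article), the following Python models the IPsec filter just described: a filter list entry ICMP_ANY_IN (source any, destination my IP, protocol ICMP) tied to a Block action, and shows what the "Mirrored" option changes, since a mirrored filter also matches the reverse direction (my IP -> any IP). The addresses are constructed, and first-match evaluation is a simplification of the real policy engine.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPPROTO_ICMP = 1   # ICMP's protocol number in the IP header
IPPROTO_TCP = 6    # TCP's protocol number (the "6" from the TCP/IP filtering step)
MY_IP = "192.0.2.10"   # constructed stand-in for "My IP address"
ANY = None             # "Any IP address" / any protocol


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int


@dataclass(frozen=True)
class Filter:
    name: str
    src: Optional[str]      # ANY or one address
    dst: Optional[str]
    proto: Optional[int]
    action: str             # "Block" or "Permit"
    mirrored: bool = False  # the "Mirrored" checkbox in the address settings

    def _one_way(self, pkt: Packet, src, dst) -> bool:
        return ((src is ANY or pkt.src == src) and (dst is ANY or pkt.dst == dst)
                and (self.proto is ANY or pkt.proto == self.proto))

    def matches(self, pkt: Packet) -> bool:
        if self._one_way(pkt, self.src, self.dst):
            return True
        # mirrored: the same filter with source and destination swapped
        return self.mirrored and self._one_way(pkt, self.dst, self.src)


def evaluate(filters: List[Filter], pkt: Packet) -> Tuple[str, Optional[str]]:
    """First matching filter decides; no match means the packet is permitted
    (simplification: real IPsec filter ordering is not modelled)."""
    for f in filters:
        if f.matches(pkt):
            return f.action, f.name
    return "Permit", None


# the article's filter, once without and once with Mirrored selected
ICMP_ANY_IN = Filter("ICMP_ANY_IN", ANY, MY_IP, IPPROTO_ICMP, "Block")
ICMP_ANY_IN_MIRRORED = Filter("ICMP_ANY_IN", ANY, MY_IP, IPPROTO_ICMP, "Block", True)
# constructed traffic: an inbound ping, an inbound web connection, our own outbound ping
INBOUND_PING = Packet("198.51.100.7", MY_IP, IPPROTO_ICMP)
INBOUND_WEB = Packet("198.51.100.7", MY_IP, IPPROTO_TCP)
OUTBOUND_PING = Packet(MY_IP, "198.51.100.7", IPPROTO_ICMP)

if __name__ == "__main__":
    for pkt in (INBOUND_PING, INBOUND_WEB, OUTBOUND_PING):
        print(pkt, evaluate([ICMP_ANY_IN], pkt), evaluate([ICMP_ANY_IN_MIRRORED], pkt))
```

With the mirrored filter the machine's own outgoing pings are blocked as well, which is the practical difference the Mirrored checkbox makes.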

Everyone on the network knows Ping. Ping is the main TCP/IP command for troubleshooting network connectivity, reachability and name resolution; its main use is to detect whether a target host is reachable.

If a hacker wants to intrude, he or she must first lock onto a target. Generally the ping command is used to detect the host and obtain related information, and only then is a vulnerability scan performed. How do you stay out of other people's attacks? Prevent others from pinging your computer, and the attack cannot proceed. The author introduces four common ways to block Ping, for your reference:

First, use Advanced Settings to block Ping

By default, all Internet Control Message Protocol (ICMP) options are disabled. If an ICMP option is enabled, your network becomes visible on the Internet and vulnerable to attack.

To change the ICMP settings, you must log on to the computer as Administrator or as a member of the Administrators group. Right-click "My Network Places" and select "Properties" from the shortcut menu to open "Network Connections". For the connection on which Internet Connection Firewall is enabled, open its Properties window, switch to the "Advanced" tab, click "Settings" below it, and the "Advanced Settings" dialog appears. On its "ICMP" tab, check the box next to each type of request you want your computer to respond to; checking the box enables that request type, and clearing it disables it.

Second, use a network firewall to block Ping

Using a firewall to block Ping is the easiest and most effective way; by now basically all firewalls have ICMP filtering enabled by default. Here Jinshan Net Dart 2003 and Skynet Firewall 2.50 are used as the templates.

If you use Jinshan Net Dart 2003, right-click the Jinshan Net Dart 2003 icon in the system tray and select "Custom IP Rule Editor" under "Utilities" in the shortcut menu that pops up. In the window that appears, select the "Defend against ICMP-type attacks" rule, clear the "Allow others to use the ping command to detect this machine" rule, and save and apply the rules for them to take effect.

If you are using Skynet Firewall, click "Custom IP Rules" on its main interface, then uncheck the "Prevent others from using the ping command" rule and check the "Defend against ICMP attacks" rule. Then click "Save/Apply" to make the IP rules take effect.

Copyright © Windows knowledge All Rights Reserved