Analysis of three different "anti-ping" methods _ Web Surfing

As we all know, the ping command is a very useful network command, which is commonly used to test network connectivity. But at the same time it is also the "double-edged sword", especially in the rapid development of the network today, some "malicious" people in the Internet to use it to detect other people's machines, in order to achieve unspeakable purposes. In order to ensure the safety of the machine in the network, now many people attach great importance to "ping", of course, "ping" methods and means are also very many, such as the use of IPSec security policy, Windows built-in firewall, Third-party firewall tools, Routing and Remote Access components, and so on, in the end these "ping" How the effect of the method, is not suitable for you to use, the following I take you to see it!

First, IPSec security Policy "ping", or use caution

The use of IPSec security policy "ping" is a common method, after a simple step of IPSec security policy configuration, you can achieve the effect of ping. This method is relatively simple to configure, and IPSec security policy is a feature that is built into the Windows system and does not require additional installation and is therefore popular with many users. But here I would like to remind you to use the IPSec security policy "ping", or use caution.

Why do you say that? First, let's look at how the IPSec security policy is "anti ping," by creating a new IPSec policy to filter out all of the native ICMP packets. This can be a valid "ping", but it will also leave a hangover.

Because the ping command is closely related to the ICMP protocol (Internet control and Message protocal), there are 11 message formats in the application of the ICMP protocol, in which the ping command uses the "Echo" in the ICMP protocol Request "message to work. However, IPSec security policy does not use the Kill method when pinging, all ICMP messages are filtered out, especially in many useful other formats of the message is also filtered out. Therefore, in some special applications of LAN environment, the phenomenon of packet loss is easy to affect the user's normal office, so I suggest that everyone should be cautious with the IPSec security policy "ping".

Second, use the Third Party firewall tool

We already know the deficiencies of the IPSec security Policy "ping", in order to ensure that the local machine sent packets through the network is correctly transmitted to the target host, you can use other more effective methods, such as using the network firewall "ping".

For the general Internet users, the use of personal network Firewall "Ping" is the simplest way. Applying this method to "anti ping" does not require complex settings, so you can easily achieve the purpose of "ping" if you properly configure the "anti ping" rule that is built into the firewall. Personal network firewalls are more types, almost all can effectively achieve "ping", such as Skynet Personal firewall, rising personal network Firewall, Windows Firewall (or ICF), and so on, the following author to the personal network of rising firewall as an example, describes how to configure the firewall to achieve "ping" purpose.

Running rising personal network Firewall main program, in the main window click the "settings → set rules" option, pop-up "rising personal network Firewall rule Settings" window, in the list of rules must select the "Default ICMP inbound" rule, and then double-click this rule, pop-up Rule Properties dialog box (Figure 1), Here you can make detailed parameter settings, select the "System" option in the "Category" box, choose "Receive" in the "direction" box, and be sure to select the "ICMP" protocol used by the ping command in the "Protocol" box, and select the "No" option in the Action box. Note The choice of ICMP message types, switch to the ICMP Type tab, select the Echo request item in the Type Drop-down list box, and then click the Modify button to save the settings. So rising personal network firewall can be filtered out, ping command used the name "Echo Request" ICMP message, and other useful ICMP message can be safely passed. After the above settings, the use of personal network firewall to effectively "ping" purpose.

Figure 1 Set rising Personal firewall

Iii. using the Routing and Remote Access component

For LAN users, the personal network firewall is difficult to meet their needs, then you have to use the enterprise-class network Firewall "Ping", such as ISA 2004, but for some small LAN, these enterprise-class firewalls are too expensive, difficult to accept, in fact, using Windows 2000/ The "Routing and Remote Access" component of the server's operating system for servers 2003 solves this problem, and the component is built into the Windows system and does not require additional purchases.

The following is an example of a Windows Server 2003 system that describes how to use the Routing and Remote Access component to ping. As you all know, the Routing and Remote Access component has built-in routing table management, VPN services, IP packet filtering, and so on, by default, the Windows Server 2003 system does not have the Routing and Remote Access service enabled, so you first enable it manually. In a Windows Server 2003 gateway server, go to the control Panel → admin tools window, run the Routing and Remote Access tool, right-click the "local" server in the main Routing and Remote Access window, and select the "Configure and Enable Routing and Remote Access" option in the pop-up menu. Next, click the Next button in the Routing and Remote Access Server Setup Wizard dialog box, select the Custom configuration option, click Next, select the LAN router option in the next window, and then click the "Finish" button.

In the main Routing and Remote Access window, expand the IP routing → general option in turn. Then in the "General" box, right click on the Internet network card (Figure 2), select the "Properties" option, and then click the "Inbound Filter" button in the Properties dialog box, pop-up "Inbound Filter" dialog box, select " Receive all packets except those that meet the following options next click the "New" button, the "Add IP Filter" dialog box (see Figure 3), select the "ICMP" protocol in the Protocol Drop-down list box, enter "8 and 0" in the ICMP type and ICMP code columns respectively, and then click " OK button. Where the ICMP type "8", ICMP code "0" message is the ping command "Echo Request" message, and finally click the "OK" button to complete the "Anti ping" setting.
Figure 2 Network adapter selected for connectivity

Figure 3 Adding an IP filter
The above author introduced several different "ping" methods, which are suitable for different network environment, if you are interested, may wish to try.