Ping prevention method summary! (Transfer)
1. Use advanced settings to prevent Ping
By default, all Internet Control Message Protocol (ICMP) options are disabled. If you enable the ICMP option, your network is visible on the Internet and therefore vulnerable to attacks.
To Enable ICMP, you must log on to your computer as an administrator or a member of the administrators or administrators. Right-click "Network neighbors" and select "properties" from the shortcut menu to enable "Network Connections ", select a connection with the Internet Connection Firewall Enabled, open its Properties window, switch to the "advanced" option page, and click "Settings" at the bottom ", in this case, the "Advanced Settings" dialog box appears. On the "ICMP" tab, select the type of request information you want your computer to respond to. The check box next to the table enables this type of requests, to disable it, clear the request information type.
2. Use a network firewall to block Ping
Using a firewall to block Ping is the simplest and most effective method. Now, basically all firewalls enable the ICMP filter function by default. Here, Kingsoft network firewall 2003 and Skynet firewall 2.50 are used as blue statements.
For users using Kingsoft Network Rule 2003, right-click the Kingsoft Network Rule 2003 icon in the system tray and select "custom IP rule Editor" in the shortcut menu that appears ", in the displayed window, select the "anti-ICMP attack" rule to eliminate the "allow others to use the ping command to detect the Local Machine" rule. After saving the application, the rule will take effect.
If you are using Skynet firewall, click "custom IP rules" on its main interface, do not select the "prevent others from using ping command detection" rule, and select the "Defend against ICMP attacks" rule, click "Save/apply" to make the IP rule take effect.
3. Enable IP Security Policy anti-Ping
The IP Security Policy is used to configure the IPSec Security Service. These policies provide various levels of protection for most communication types in most existing networks. You can configure an IPsec Policy to meet the security needs of your computer, application, organization, domain, site, or global enterprise. You can use the "IP Security Policy" Management Unit provided in Windows XP to define IPSec policies for computers in Active Directory (for domain members) or local computers (for computers not in the domain.
Take Windows XP as an example. Go to "Control Panel"-"Administrative Tools" to open "Local Security Policy" and select an IP Security Policy. Here, we can define our own IP security policies. An IP Security filter consists of two parts: Filter policy and filter operation. To create an IP Security filter, you must create your own filter policy and Filter Operations. Right-click "IP Security Policy, on the local machine" on the left side of the window ", in the shortcut menu that appears, select "create IP Security Policy", click "Next", and enter the Policy Name and Policy Description. Click "Next", select "Activate default response rule", and click "Next ". Start setting the authentication method of the response rule, select the "this string is used to protect key exchange (pre-shared key)" option, and enter some characters (these characters will be used later ), click "Next". A message is displayed, indicating that the IP Security Policy has been completed. confirm that the "Edit attributes" check box is selected and click "finish". The "properties" dialog box is displayed.
Next, configure the new security policy. In the "Rules" option page of the "Goodbye Ping properties" dialog box, click the "add" button, and click "Next" in the open security rules Wizard to set the tunnel termination, select "this rule does not specify a tunnel ". Click "Next" and select "all network connections" to ensure that all computers cannot be pinged. Click "Next", set the authentication method, select the third option "this string is used to protect key exchange (pre-shared key)", and enter the same content as above. Click "Next" to open the "IP Filter list" window, select "new IP Filter list" in "IP Filter list", and click "edit" on the right ", in the displayed window, click "add", click "Next", set "Source Address" to "my IP Address", and click "Next ", set "target address" to "any IP Address", click "Next", select ICMP as the protocol type, click "finish", and click "OK" to return to the window 9, click "Next" and select the "require security" option for filter operations, then, click "Next", "complete", "OK", and "close" to save the relevant settings and return to the Management Console.
Finally, in "Local Security Settings", right-click the configured "Goodbye ping" policy and select the "Assign" command in the shortcut menu to make the configuration take effect.
After the above settings, when other computers ping the computer again, it will not be pinged. However, if you ping your local computer, you can still ping it. In Windows 2000, the operations are basically the same.
4. Modify the TTL value to prevent Ping
Many intruders like to use the TTL value to determine the operating system. First, they ping your host. If the TTL value is 128, they think that your system is Windows NT/2000, if the TTL value is 32, the operating system of the target host is Windows 95/98. If the TTL value is 255/64, the host is regarded as a Unix/Linux operating system. Since intruders believe the results returned by the TTL value, we may wish to modify the TTL value to deceive the intruders to protect the system. The method is as follows:
Open the "Notepad" program in windows and write the following batch processing command:
@ Echo regedit4> changettl. Reg
@ Echo.> changettl. Reg
@ Echo [hkey_local_machinesystemcurrentcontrolsetservicestcpipparameters]> changettl. Reg
@ Echo defaultttl = DWORD: 000000ff> changettl. Reg
@ Regedit/S/C changettl. Reg
Save. bat is a batch file with the extension. Click this file. The default TTL value of your operating system will be changed to FF, that is, 255 in decimal format, that is to say, you have changed your operating system to a UNIX system!
Defaultttl = DWORD: 000000ff is used to set the default TTL value of the system. If you want to change the TTL value of your operating system to the ICMP echo response value of other operating systems, please change the defaultttl key value. Note that its key value is in hexadecimal notation.
How to prohibit others from Pinging their hosts (2000 built-in)
My computer-control panel-Administrative Tools-Local Security Policy-IP Security Policy
This is the IP address management configuration tool provided by 2000. Here I will only talk about how to prevent others from pinging my host.
There are four steps:
1. Create a ping rule
2. Create prohibition/allow rules
3. Associate these two rules
4. Assign
Details:
1. Right-click IP Security Policy-manage IP Filter table and Filter Operations-IP Filter list-add: Name: Ping; Description: Ping; (check "use add wizard "), --- add-next step: Specify the source/destination IP address and protocol type (ICMP). Click Next to complete. Close this dialog box.
2. Manage IP Filter tables and filters-manage Filters-add (select "use add wizard")-Next: Name: refuse; Description: refuse-Next: block-next to complete.
3. Right-click IP Security Policy-create IP Security Policy-Next: Name: Disable Ping; -- next: Cancel activation default response rule-Next: select Edit attribute. Next, click "Disable Ping attribute"> "add" (check "use add wizard")> next to "authentication method". Select the third item and enter the shared string-next step: in the IP Filter list, select "ping -- next: Select" refuse-next to complete.
This is the rule "Ping prohibited" on the right side of "Local Security Settings", but it does not work yet.
4. Right-click "Disable ping" -- assign.
This time, an IP policy is completed to prohibit others from Pinging their machines.
Hurry up and try a machine. Your machine won't work. Will prompt: Request timeout (timeout ).
The above is just a small IP address filter. You can create other IP policies by yourself.
This article from the csdn blog, reproduced please indicate the source: http://blog.csdn.net/CSWCHF/archive/2009/06/27/4303493.aspx