When thinking of hackers, they always come without a trace, and the means are mysterious. In fact, they are not omnipotent, and the main reason for their success comes from system vulnerabilities. Now let's analyze some content about ICMP attacks. Helps you prevent attacks. Using system defects for various intrusions has always been an important way for hackers. Especially for family users with low awareness, hackers are more likely to gain access, readers who know about computer networks know that Ping commands are often used to check whether the network is smooth. However, this command can also cause serious consequences for Windows systems, namely Ping intrusion, or ICMP protocol attacks.
The ICMP protocol controls message error messages over the Internet. The principle of using ICMP protocol attacks is to Ping a large number of data packets to cause the computer to crash due to high CPU usage, generally, hackers send a large number of requests continuously to the computer within a period of time, resulting in high CPU usage and crash.
Although many firewalls can filter the PING, how can we effectively prevent ICMP attacks when no firewall is installed? In fact, you only need to configure the default firewall that comes with the system. The method is as follows:
Step 1:
On the desktop of your computer, right-click "network neighbor → properties → local connection → properties → Internet Protocol (TCP/IP) → properties → advanced → options → TCP/IP filtering → properties ".
Step 2:
In the "TCP/IP filtering" window, click "enable TCP/IP filtering (all adapters )". Then, in the "TCP port, UDP port, and IP protocol" add box, click "only allow", then press the Add button, and then enter the port in the displayed dialog box, generally, the ports used for accessing the Internet are 80 and 8080, while the mail server ports are 25 and 110, and the FTP ports are 20 and 21, add the UDP port and IP protocol.
Step 3:
Open "Control Panel> Administrative Tools> Local Security Policy", right-click "IP Security Policy", and select "manage IP Filter and IP Filter operation" on the local machine ", add a new filter rule in the manage IP Filter and IP Filter operation list, enter "ICMP attack prevention" in the name, and then press add to select any IP address from the source address, select My IP address as the target address. Set the protocol type to ICMP.
Step 4:
In "manage Filter Operations", deselect "use add wizard", add, and enter "Deny operation" in general. The security measure is "Block ". In this way, we have a filtering policy that follows all incoming ICMP packets and discards all packets.
Step 5:
Click "IP Security Policy, on the local machine", and select "create IP Security Policy → next → enter the name as ICMP filter". In the Add filter rule wizard, specify the "ICMP attack prevention" filter policy to the ICMP filter, select "Deny operation", right-click "ICMP attack prevention", and enable it.
Summary:
After the settings, our computer can prevent PING attacks, and many attack methods are protected and immune. Our system security level has also been greatly improved.