• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

How to keep a computer from answering to ping?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Goto page Previous  1, 2, 3  Next
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux

View previous topic :: View next topic  
Author Message
crash-x
Just Arrived
Just Arrived


Joined: 03 Dec 2002
Posts: 0
Location: my room

Offline

PostPosted: Wed Dec 04, 2002 10:03 pm    Post subject: Reply with quote

I block pings ever with iptables, you have only to add this code in your iptables script:

Code:

iptables -A FORWARD -p icmp --icmp-type echo-request -j DROP
Back to top
View user's profile Send private message
b4rtm4n
Trusted SF Member
Trusted SF Member


Joined: 26 May 2002
Posts: 16777206
Location: Bi Mon Sci Fi Con

Offline

PostPosted: Wed Dec 04, 2002 11:11 pm    Post subject: Reply with quote

crash-x wrote:
I block pings ever with iptables, you have only to add this code in your iptables script:

Code:

iptables -A FORWARD -p icmp --icmp-type echo-request -j DROP


Quality response.

See RFC 792 for all the guff on ICMP
Back to top
View user's profile Send private message Send e-mail
igir3dsk1
Just Arrived
Just Arrived


Joined: 28 Sep 2002
Posts: 4
Location: 7h3 !n73rn37 :)

Offline

PostPosted: Thu Dec 05, 2002 12:11 am    Post subject: Reply with quote

crash-x wrote:

Code:

iptables -A FORWARD -p icmp --icmp-type echo-request -j DROP

How come after I did it my computer started to respond to the pings?

Thanks.
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
delete852
Just Arrived
Just Arrived


Joined: 19 Nov 2002
Posts: 4
Location: Washington DC

Offline

PostPosted: Thu Dec 05, 2002 3:05 am    Post subject: Reply with quote

Well IpSec is just another VPN protocol as I remember, but to block ICMP requests on a win2k Box, as i do in my home do the following:
1)Open up MMC, and add in Ip Security snap in
2)Create a new policy, name it whaever, and give it a description
3)then look at it's properties, click Edit, There you see, which type of packet it sees, and what it does with it on the next tab. I have a Deny action, you might have to make one, I don't remember if it already was there, to create it go to Add, and just follow the boxes, it might seem overwhelming at the begning, but you will get familiar with it soon. As if it will block P2P, I don't really know, it shouldn't really, but I don't know enought to give a 100% advice. Try it, tell me how it goes.
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
igir3dsk1
Just Arrived
Just Arrived


Joined: 28 Sep 2002
Posts: 4
Location: 7h3 !n73rn37 :)

Offline

PostPosted: Thu Dec 05, 2002 3:09 am    Post subject: Reply with quote

Thanks Wink ,but I use Linux, Crying or Very sad

Thanks<<<r>>>
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
b4rtm4n
Trusted SF Member
Trusted SF Member


Joined: 26 May 2002
Posts: 16777206
Location: Bi Mon Sci Fi Con

Offline

PostPosted: Thu Dec 05, 2002 1:01 pm    Post subject: Reply with quote

Mos' likely that you have another rule which allows echo-requests in.

Do you have a large complex set of rules and do you have a DROP/DENY everything else at the end?
Back to top
View user's profile Send private message Send e-mail
browolf
Trusted SF Member
Trusted SF Member


Joined: 19 Apr 2002
Posts: 1


Offline

PostPosted: Thu Dec 05, 2002 3:01 pm    Post subject: Reply with quote

delete852 wrote:
Well IpSec is just another VPN protocol as I remember, but to block ICMP requests on a win2k Box, as i do in my home do the following:
1)Open up MMC, and add in Ip Security snap in
2)Create a new policy, name it whaever, and give it a description
3)then look at it's properties, click Edit, There you see, which type of packet it sees, and what it does with it on the next tab. I have a Deny action, you might have to make one, I don't remember if it already was there, to create it go to Add, and just follow the boxes, it might seem overwhelming at the begning, but you will get familiar with it soon. As if it will block P2P, I don't really know, it shouldn't really, but I don't know enought to give a 100% advice. Try it, tell me how it goes.


i've managed to do it on my work computer. and nothing seems to have broken. but i dont use p2p on that Smile
Back to top
View user's profile Send private message
delete852
Just Arrived
Just Arrived


Joined: 19 Nov 2002
Posts: 4
Location: Washington DC

Offline

PostPosted: Thu Dec 05, 2002 4:18 pm    Post subject: Reply with quote

it's a nifty feature, and i like it a lot, you can sort the data by port numbers and IPs. I need to read some more stuff about it.
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
igir3dsk1
Just Arrived
Just Arrived


Joined: 28 Sep 2002
Posts: 4
Location: 7h3 !n73rn37 :)

Offline

PostPosted: Thu Dec 05, 2002 10:07 pm    Post subject: Reply with quote

b4rtm4n wrote:
Mos' likely that you have another rule which allows echo-requests in.

Do you have a large complex set of rules and do you have a DROP/DENY everything else at the end?



Sorry for the question but where can I find that? Shocked

Thanks
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
b4rtm4n
Trusted SF Member
Trusted SF Member


Joined: 26 May 2002
Posts: 16777206
Location: Bi Mon Sci Fi Con

Offline

PostPosted: Fri Dec 06, 2002 6:22 pm    Post subject: Reply with quote

igir3dsk1 wrote:
b4rtm4n wrote:
Mos' likely that you have another rule which allows echo-requests in.

Do you have a large complex set of rules and do you have a DROP/DENY everything else at the end?



Sorry for the question but where can I find that? Shocked

Thanks


iptables -L -n or ipchains -L -n (depending on which u r running) will list all rules without resolving DNS.

You should be able to work out whats wrong from that. Very Happy
Back to top
View user's profile Send private message Send e-mail
igir3dsk1
Just Arrived
Just Arrived


Joined: 28 Sep 2002
Posts: 4
Location: 7h3 !n73rn37 :)

Offline

PostPosted: Fri Dec 06, 2002 10:40 pm    Post subject: Reply with quote

I did it and this is what it says:
____________________________________
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
-----------------------------------------------------
What does it mean?

Thanks a lot.
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
crash-x
Just Arrived
Just Arrived


Joined: 03 Dec 2002
Posts: 0
Location: my room

Offline

PostPosted: Fri Dec 06, 2002 10:53 pm    Post subject: Do somebody know how to block that nmap can't finger my OS ? Reply with quote

Do somebody know how to block that nmap can't finger my OS ?
Back to top
View user's profile Send private message
igir3dsk1
Just Arrived
Just Arrived


Joined: 28 Sep 2002
Posts: 4
Location: 7h3 !n73rn37 :)

Offline

PostPosted: Fri Dec 06, 2002 10:58 pm    Post subject: Reply with quote

crash-x wrote:
Do somebody know how to block that nmap can't finger my OS ?

You can still finger a computer even though port 79 is closed? Shocked
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
crash-x
Just Arrived
Just Arrived


Joined: 03 Dec 2002
Posts: 0
Location: my room

Offline

PostPosted: Fri Dec 06, 2002 11:19 pm    Post subject: Reply with quote

it is closed but nmap can get OS information when 2port are open, and i have 80 and 21 open, so it can get my OS, maybe somebody know how i can block it without closing all ports.
Back to top
View user's profile Send private message
igir3dsk1
Just Arrived
Just Arrived


Joined: 28 Sep 2002
Posts: 4
Location: 7h3 !n73rn37 :)

Offline

PostPosted: Fri Dec 06, 2002 11:22 pm    Post subject: Reply with quote

crash-x wrote:
it is closed but nmap can get OS information when 2port are open, and i have 80 and 21 open, so it can get my OS, maybe somebody know how i can block it without closing all ports.



Thanks a lot for the information. Wink
<<<r3dsk1>>>


Last edited by igir3dsk1 on Sat Dec 07, 2002 7:10 am; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Sat Dec 07, 2002 7:07 am    Post subject: Reply with quote

crash-x wrote:
it is closed but nmap can get OS information when 2port are open, and i have 80 and 21 open, so it can get my OS, maybe somebody know how i can block it without closing all ports.


Randomise the initial TCP/IP sequence number and remove all banners from services.

That should defeat nmap..
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux All times are GMT + 2 Hours
Goto page Previous  1, 2, 3  Next
Page 2 of 3


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Looking for more Windows Networking info?

Sign up to the WindowsNetworking.com Monthly Newsletter, written by Enterprise Security MVP Deb Shinder, containing news, the hottest tips, Networking links of the month and much more. Subscribe today and don't miss a thing!
View a sample newsletter.

Become a WindowsNetworking.com member!

Discuss your Windows Networking issues with thousands of other Windows Newtorking experts. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred data recovery solution?

Follow TechGenix on Twitter