crash-x Just Arrived
Joined: 03 Dec 2002 Posts: 0 Location: my room
Posted: Wed Dec 04, 2002 10:03 pm Post subject:

I block pings with iptables; you only have to add this code to your iptables script:
Code:
iptables -A FORWARD -p icmp --icmp-type echo-request -j DROP
b4rtm4n Trusted SF Member
Joined: 26 May 2002 Posts: 16777206 Location: Bi Mon Sci Fi Con
Posted: Wed Dec 04, 2002 11:11 pm Post subject:

crash-x wrote:
> I block pings with iptables; you only have to add this code to your iptables script:
> Code:
> iptables -A FORWARD -p icmp --icmp-type echo-request -j DROP
Quality response.
See RFC 792 for all the guff on ICMP.
igir3dsk1 Just Arrived
Joined: 28 Sep 2002 Posts: 4 Location: 7h3 !n73rn37 :)
Posted: Thu Dec 05, 2002 12:11 am Post subject:

crash-x wrote:
> Code:
> iptables -A FORWARD -p icmp --icmp-type echo-request -j DROP
How come after I did it my computer started to respond to the pings?
Thanks.
delete852 Just Arrived
Joined: 19 Nov 2002 Posts: 4 Location: Washington DC
Posted: Thu Dec 05, 2002 3:05 am Post subject:

Well, IPsec is just another VPN protocol as I remember, but to block ICMP requests on a win2k box, as I do at home, do the following:
1) Open up MMC and add in the IP Security snap-in.
2) Create a new policy, name it whatever, and give it a description.
3) Then look at its properties and click Edit. There you see which type of packet it sees, and on the next tab what it does with it. I have a Deny action; you might have to make one, I don't remember if it was already there. To create it go to Add and just follow the boxes; it might seem overwhelming at the beginning, but you will get familiar with it soon. As for whether it will block P2P, I don't really know; it shouldn't really, but I don't know enough to give 100% advice. Try it and tell me how it goes.
igir3dsk1 Just Arrived
Joined: 28 Sep 2002 Posts: 4 Location: 7h3 !n73rn37 :)
Posted: Thu Dec 05, 2002 3:09 am Post subject:

Thanks, but I use Linux.
Thanks <<<r>>>
b4rtm4n Trusted SF Member
Joined: 26 May 2002 Posts: 16777206 Location: Bi Mon Sci Fi Con
Posted: Thu Dec 05, 2002 1:01 pm Post subject:

Mos' likely that you have another rule which allows echo-requests in.
Do you have a large complex set of rules and do you have a DROP/DENY everything else at the end?
browolf Trusted SF Member
Joined: 19 Apr 2002 Posts: 1
Posted: Thu Dec 05, 2002 3:01 pm Post subject:

delete852 wrote:
> Well, IPsec is just another VPN protocol as I remember, but to block ICMP requests on a win2k box, as I do at home, do the following:
> 1) Open up MMC and add in the IP Security snap-in.
> 2) Create a new policy, name it whatever, and give it a description.
> 3) Then look at its properties and click Edit. There you see which type of packet it sees, and on the next tab what it does with it. I have a Deny action; you might have to make one, I don't remember if it was already there. To create it go to Add and just follow the boxes; it might seem overwhelming at the beginning, but you will get familiar with it soon. As for whether it will block P2P, I don't really know; it shouldn't really, but I don't know enough to give 100% advice. Try it and tell me how it goes.
I've managed to do it on my work computer, and nothing seems to have broken, but I don't use P2P on that.
delete852 Just Arrived
Joined: 19 Nov 2002 Posts: 4 Location: Washington DC
Posted: Thu Dec 05, 2002 4:18 pm Post subject:

It's a nifty feature, and I like it a lot; you can sort the data by port numbers and IPs. I need to read some more stuff about it.
igir3dsk1 Just Arrived
Joined: 28 Sep 2002 Posts: 4 Location: 7h3 !n73rn37 :)
Posted: Thu Dec 05, 2002 10:07 pm Post subject:

b4rtm4n wrote:
> Mos' likely that you have another rule which allows echo-requests in.
> Do you have a large complex set of rules and do you have a DROP/DENY everything else at the end?
Sorry for the question, but where can I find that?
Thanks
b4rtm4n Trusted SF Member
Joined: 26 May 2002 Posts: 16777206 Location: Bi Mon Sci Fi Con
Posted: Fri Dec 06, 2002 6:22 pm Post subject:

igir3dsk1 wrote:
> b4rtm4n wrote:
> > Mos' likely that you have another rule which allows echo-requests in.
> > Do you have a large complex set of rules and do you have a DROP/DENY everything else at the end?
> Sorry for the question, but where can I find that?
> Thanks
iptables -L -n or ipchains -L -n (depending on which you are running) will list all rules without resolving DNS.
You should be able to work out what's wrong from that.
igir3dsk1 Just Arrived
Joined: 28 Sep 2002 Posts: 4 Location: 7h3 !n73rn37 :)
Posted: Fri Dec 06, 2002 10:40 pm Post subject:

I did it and this is what it says:
____________________________________
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
-----------------------------------------------------
What does it mean?
Thanks a lot.
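Two things in this thread go unanswered: the listing above is empty (every chain has no rules and policy ACCEPT, so nothing is being filtered and the rule from the script was never loaded, or was flushed), and the rule quoted at the top of the thread sits in the FORWARD chain, which only matches packets the box routes onward. Pings addressed to the host itself traverse INPUT, so a host that wants to stop answering them needs the same rule there (iptables -A INPUT -p icmp --icmp-type echo-request -j DROP). The Python script below is an editor's example, not code from the thread or from the iptables project: it parses plain "iptables -L -n" output as suggested two posts up and flags both situations. The sample listings are constructed; the first reproduces the one quoted above without its decorative separator lines.

```python
import re
from dataclasses import dataclass, field

# Chain header of "iptables -L -n" output: "Chain INPUT (policy ACCEPT)" or,
# for user-defined chains, "Chain foo (2 references)".
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)")
# Match text printed for --icmp-type echo-request: "icmp type 8" on older
# iptables releases, "icmptype 8" on newer ones.
ECHO_REQUEST_RE = re.compile(r"icmp ?type 8\b")


@dataclass
class Rule:
    target: str
    prot: str
    source: str
    destination: str
    extra: str  # trailing match text such as "icmp type 8", "" if none


@dataclass
class Chain:
    name: str
    policy: str  # "-" for user-defined chains, which have none
    rules: list = field(default_factory=list)


def parse_iptables_list(text):
    """Parse plain "iptables -L -n" output into {chain name: Chain}."""
    chains, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = CHAIN_RE.match(line)
        if header:
            current = Chain(header.group(1), header.group(2) or "-")
            chains[current.name] = current
            continue
        if not line or current is None or line.startswith("target"):
            continue  # blank, text before the first chain, or column header row
        fields = line.split(None, 4)  # target prot opt source destination+extra
        if len(fields) < 5:
            continue  # not a rule row (e.g. a "-----" separator)
        target, prot, _opt, source, rest = fields
        dest_and_extra = rest.split(None, 1)
        extra = dest_and_extra[1] if len(dest_and_extra) > 1 else ""
        current.rules.append(Rule(target, prot, source, dest_and_extra[0], extra))
    return chains


def drops_echo_request(chain):
    """True if a rule in the chain drops/rejects echo-request (or all ICMP)."""
    return any(r.target in ("DROP", "REJECT") and r.prot == "icmp"
               and (not r.extra or ECHO_REQUEST_RE.search(r.extra))
               for r in chain.rules)


def assess_ping_blocking(text):
    """Return (host_answers_pings, findings) for the host the listing came from.

    Packets addressed to the host traverse INPUT; FORWARD only sees packets the
    host routes onward, so a DROP there does not stop the host answering pings.
    """
    chains = parse_iptables_list(text)
    inp = chains.get("INPUT")
    if inp is None:
        return True, ["no INPUT chain in the listing"]
    if drops_echo_request(inp):
        return False, ["INPUT drops echo-request: host will not answer pings"]
    findings = []
    fwd = chains.get("FORWARD")
    if fwd is not None and drops_echo_request(fwd):
        findings.append("echo-request is dropped only in FORWARD, which matches "
                        "routed traffic, not packets addressed to this host")
    if not inp.rules:
        findings.append("INPUT chain is empty: no rule from any script is loaded")
    if inp.policy == "ACCEPT":
        findings.append("INPUT policy is ACCEPT: anything not matched, ping "
                        "included, is accepted")
    return True, findings


# Constructed sample listings in the exact column layout iptables prints.
HEADER = "target     prot opt source               destination\n"
RULE = "DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8\n"


def listing(input_rules="", forward_rules=""):
    """Build a three-chain filter-table listing with the given rule rows."""
    return ("Chain INPUT (policy ACCEPT)\n" + HEADER + input_rules + "\n"
            "Chain FORWARD (policy ACCEPT)\n" + HEADER + forward_rules + "\n"
            "Chain OUTPUT (policy ACCEPT)\n" + HEADER)


THREAD_LISTING = listing()                          # what the thread shows
FORWARD_ONLY_LISTING = listing(forward_rules=RULE)  # thread's rule, loaded
INPUT_LISTING = listing(input_rules=RULE.replace("icmp type", "icmptype"))
```

Running assess_ping_blocking on THREAD_LISTING returns True with "INPUT chain is empty" and "INPUT policy is ACCEPT" findings; on FORWARD_ONLY_LISTING it still returns True and reports that the drop is only in FORWARD; only INPUT_LISTING returns False. A practitioner would run the same check against real output captured with iptables -L -n on the host in question.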
crash-x Just Arrived
Joined: 03 Dec 2002 Posts: 0 Location: my room
Posted: Fri Dec 06, 2002 10:53 pm Post subject: Does anybody know how to block nmap so it can't finger my OS?

Does anybody know how to block nmap so it can't finger my OS?
igir3dsk1 Just Arrived
Joined: 28 Sep 2002 Posts: 4 Location: 7h3 !n73rn37 :)
Posted: Fri Dec 06, 2002 10:58 pm Post subject:

crash-x wrote:
> Does anybody know how to block nmap so it can't finger my OS?
You can still finger a computer even though port 79 is closed?
crash-x Just Arrived
Joined: 03 Dec 2002 Posts: 0 Location: my room
Posted: Fri Dec 06, 2002 11:19 pm Post subject:

It is closed, but nmap can get OS information when two ports are open, and I have 80 and 21 open, so it can get my OS. Maybe somebody knows how I can block it without closing all ports.
igir3dsk1 Just Arrived
Joined: 28 Sep 2002 Posts: 4 Location: 7h3 !n73rn37 :)
Posted: Fri Dec 06, 2002 11:22 pm Post subject:

crash-x wrote:
> It is closed, but nmap can get OS information when two ports are open, and I have 80 and 21 open, so it can get my OS. Maybe somebody knows how I can block it without closing all ports.
Thanks a lot for the information.
<<<r3dsk1>>>
Last edited by igir3dsk1 on Sat Dec 07, 2002 7:10 am; edited 1 time in total
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
Posted: Sat Dec 07, 2002 7:07 am Post subject:

crash-x wrote:
> It is closed, but nmap can get OS information when two ports are open, and I have 80 and 21 open, so it can get my OS. Maybe somebody knows how I can block it without closing all ports.
Randomise the initial TCP/IP sequence number and remove all banners from services.
That should defeat nmap.