How to keep a computer from answering to ping?
Networking/Security Forums -> UNIX // GNU/Linux

Author: crash-x    Location: my room    Posted: Wed Dec 04, 2002 10:03 pm
    ----
I always block pings with iptables; you only have to add this code to your iptables script:

Code:

iptables -A FORWARD -p icmp --icmp-type echo-request -j DROP

Author: b4rtm4n    Location: Bi Mon Sci Fi Con    Posted: Wed Dec 04, 2002 11:11 pm
    ----
crash-x wrote:
I always block pings with iptables; you only have to add this code to your iptables script:

Code:

iptables -A FORWARD -p icmp --icmp-type echo-request -j DROP


Quality response.

See RFC 792 for all the guff on ICMP

Author: igir3dsk1    Location: 7h3 !n73rn37 :)    Posted: Thu Dec 05, 2002 12:11 am
    ----
crash-x wrote:

Code:

iptables -A FORWARD -p icmp --icmp-type echo-request -j DROP

How come after I did it my computer started to respond to the pings?

Thanks.

Author: delete852    Location: Washington DC    Posted: Thu Dec 05, 2002 3:05 am
    ----
Well, IPsec is just another VPN protocol as I remember, but to block ICMP requests on a Win2k box, as I do in my home, do the following:
1) Open up MMC, and add in the IP Security snap-in.
2) Create a new policy, name it whatever, and give it a description.
3) Then look at its properties and click Edit. There you see which type of packet it sees, and what it does with it on the next tab. I have a Deny action; you might have to make one, I don't remember if it was already there. To create it go to Add, and just follow the boxes. It might seem overwhelming at the beginning, but you will get familiar with it soon. As for whether it will block P2P, I don't really know; it shouldn't really, but I don't know enough to give 100% advice. Try it, tell me how it goes.

Author: igir3dsk1    Location: 7h3 !n73rn37 :)    Posted: Thu Dec 05, 2002 3:09 am
    ----
Thanks, but I use Linux.

Thanks<<<r>>>

Author: b4rtm4n    Location: Bi Mon Sci Fi Con    Posted: Thu Dec 05, 2002 1:01 pm
    ----
Mos' likely that you have another rule which allows echo-requests in.

Do you have a large complex set of rules and do you have a DROP/DENY everything else at the end?

Author: browolf    Posted: Thu Dec 05, 2002 3:01 pm
    ----
delete852 wrote:
Well, IPsec is just another VPN protocol as I remember, but to block ICMP requests on a Win2k box, as I do in my home, do the following:
1) Open up MMC, and add in the IP Security snap-in.
2) Create a new policy, name it whatever, and give it a description.
3) Then look at its properties and click Edit. There you see which type of packet it sees, and what it does with it on the next tab. I have a Deny action; you might have to make one, I don't remember if it was already there. To create it go to Add, and just follow the boxes. It might seem overwhelming at the beginning, but you will get familiar with it soon. As for whether it will block P2P, I don't really know; it shouldn't really, but I don't know enough to give 100% advice. Try it, tell me how it goes.


I've managed to do it on my work computer, and nothing seems to have broken. But I don't use P2P on that.

Author: delete852    Location: Washington DC    Posted: Thu Dec 05, 2002 4:18 pm
    ----
it's a nifty feature, and i like it a lot, you can sort the data by port numbers and IPs. I need to read some more stuff about it.

Author: igir3dsk1    Location: 7h3 !n73rn37 :)    Posted: Thu Dec 05, 2002 10:07 pm
    ----
b4rtm4n wrote:
Mos' likely that you have another rule which allows echo-requests in.

Do you have a large complex set of rules and do you have a DROP/DENY everything else at the end?



Sorry for the question, but where can I find that?

Thanks

Author: b4rtm4n    Location: Bi Mon Sci Fi Con    Posted: Fri Dec 06, 2002 6:22 pm
    ----
igir3dsk1 wrote:
b4rtm4n wrote:
Mos' likely that you have another rule which allows echo-requests in.

Do you have a large complex set of rules and do you have a DROP/DENY everything else at the end?



Sorry for the question, but where can I find that?

Thanks


iptables -L -n or ipchains -L -n (depending on which you are running) will list all rules without resolving DNS.

You should be able to work out what's wrong from that.

Author: igir3dsk1    Location: 7h3 !n73rn37 :)    Posted: Fri Dec 06, 2002 10:40 pm
    ----
I did it and this is what it says:
____________________________________
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
-----------------------------------------------------
What does it mean?

Thanks a lot.
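
An added example, not part of any post in this thread: in iptables, packets addressed to the machine itself traverse the INPUT chain, while FORWARD only sees traffic routed through it, so a listing can be checked for what actually happens to an incoming echo-request. The function name `ping_verdict` and the sample listings are constructed for illustration; the matching is simplified as noted in the comments.

```shell
#!/bin/sh
# ping_verdict CHAIN: read `iptables -L -n` output on stdin and print what
# happens to an ICMP echo-request in CHAIN: the target of the first matching
# rule, or the chain policy if no rule matches.
# Simplifications (assumptions of this example): only rules with source and
# destination 0.0.0.0/0 count, and a rule carrying extra matches (state,
# other ICMP types, ...) counts only if it names echo-request (type 8).
ping_verdict() {
    awk -v chain="$1" '
        $1 == "Chain" {
            in_chain = ($2 == chain)
            if (in_chain) { policy = $4; sub(/\)$/, "", policy) }
            next
        }
        !in_chain || verdict != "" || NF < 5 || $1 == "target" { next }
        ($2 == "icmp" || $2 == "all") && $4 == "0.0.0.0/0" && $5 == "0.0.0.0/0" {
            # Older iptables prints "icmp type 8", newer prints "icmptype 8".
            if (NF > 5 && $0 !~ /icmp ?type 8([^0-9]|$)/) next
            if ($1 ~ /^(ACCEPT|DROP|REJECT)$/) verdict = $1
        }
        END { print (verdict != "" ? verdict : policy) }
    '
}

# Constructed sample listings (not captured from a real host).
# 1) The empty ruleset shown in the post above: no rules, every policy ACCEPT.
EMPTY='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# 2) The echo-request DROP rule appended to FORWARD, as in the thread.
FWD_ONLY='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  0.0.0.0/0            0.0.0.0/0            icmp type 8'

# 3) The same rule in INPUT, the chain that handles packets addressed to the host.
IN_DROP='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8'

for name in EMPTY FWD_ONLY IN_DROP; do
    eval "listing=\$$name"
    echo "$name: INPUT=$(printf '%s\n' "$listing" | ping_verdict INPUT)"
done
```

On a live system the function can be fed directly with `iptables -L -n | ping_verdict INPUT` (run as root).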

Author: crash-x    Location: my room    Posted: Fri Dec 06, 2002 10:53 pm    Post subject: Does somebody know how to block nmap so that it can't finger my OS?
    ----
Does somebody know how to block nmap so that it can't finger my OS?

Author: igir3dsk1    Location: 7h3 !n73rn37 :)    Posted: Fri Dec 06, 2002 10:58 pm
    ----
crash-x wrote:
Does somebody know how to block nmap so that it can't finger my OS?

You can still finger a computer even though port 79 is closed?

Author: crash-x    Location: my room    Posted: Fri Dec 06, 2002 11:19 pm
    ----
It is closed, but nmap can get OS information when 2 ports are open, and I have 80 and 21 open, so it can get my OS. Maybe somebody knows how I can block it without closing all ports.

Author: igir3dsk1    Location: 7h3 !n73rn37 :)    Posted: Fri Dec 06, 2002 11:22 pm
    ----
crash-x wrote:
It is closed, but nmap can get OS information when 2 ports are open, and I have 80 and 21 open, so it can get my OS. Maybe somebody knows how I can block it without closing all ports.



Thanks a lot for the information.
<<<r3dsk1>>>


Last edited by igir3dsk1 on Sat Dec 07, 2002 7:10 am; edited 1 time in total

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Sat Dec 07, 2002 7:07 am
    ----
crash-x wrote:
It is closed, but nmap can get OS information when 2 ports are open, and I have 80 and 21 open, so it can get my OS. Maybe somebody knows how I can block it without closing all ports.


Randomise the initial TCP/IP sequence number and remove all banners from services.

That should defeat nmap..





output generated using printer-friendly topic mod, All times are GMT + 2 Hours
