How to disable being pinged under Windows and Linux

Disabling ping replies under Linux
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

The obvious approach is to log in to the Linux system as root, open the file icmp_echo_ignore_all with
vi /proc/sys/net/ipv4/icmp_echo_ignore_all
and change its value to 1 to disable ping, or back to 0 to allow ping again.

Editing the file directly in this way produces an error:

WARNING: The file has been changed since reading it!!!
Do you really want to write to it (y/n)?y
"icmp_echo_ignore_all" E667: Fsync failed
Hit ENTER or type command to continue

This is because /proc/sys/net/ipv4/icmp_echo_ignore_all is not a real file.
To modify its value, echo 0 or 1 to this file (i.e. echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all). To make the change permanent, add the line

net.ipv4.icmp_echo_ignore_all=1

to the configuration file /etc/sysctl.conf.
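
A check a practitioner would want after the steps above: does the value written to /proc agree with what /etc/sysctl.conf will restore at boot? The script below is an added example, not part of the original article; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): compare the persistent and
# runtime values of net.ipv4.icmp_echo_ignore_all and report any drift.
KEY="net.ipv4.icmp_echo_ignore_all"

# Print the value the LAST matching line of a sysctl.conf-style file assigns
# to KEY (later lines override earlier ones); print nothing if it is unset.
# Comment lines (# or ;) are skipped, spaces around "=" are tolerated, and
# the slash spelling net/ipv4/icmp_echo_ignore_all is accepted too.
persistent_value() {
    [ -r "$1" ] || return 0
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", name); gsub(/\//, ".", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == key) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# $1 = config file, $2 = runtime (proc) file. Prints one verdict:
# match, drift, not-persistent or no-runtime.
check_ping_setting() {
    conf=$(persistent_value "$1")
    [ -r "$2" ] || { echo "no-runtime"; return 0; }
    run=$(tr -d ' \t\n' < "$2")
    if [ -z "$conf" ]; then echo "not-persistent"
    elif [ "$conf" = "$run" ]; then echo "match"
    else echo "drift"
    fi
}

# Constructed sample input, so the example runs offline without root.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# constructed sample' \
        'net.ipv4.icmp_echo_ignore_all = 0' \
        '#net.ipv4.icmp_echo_ignore_all=0' \
        'net/ipv4/icmp_echo_ignore_all=1' > "$dir/sysctl.conf"
    echo 0 > "$dir/runtime"      # as if someone ran "echo 0 > /proc/..."
    check_ping_setting "$dir/sysctl.conf" "$dir/runtime"
    rm -rf "$dir"
}
demo    # prints: drift
```

On a real host, call check_ping_setting /etc/sysctl.conf /proc/sys/net/ipv4/icmp_echo_ignore_all; files under /etc/sysctl.d are not read by this example. Running sysctl -p applies /etc/sysctl.conf without a reboot.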

How to block ping on a Windows server
When attackers look for targets, most of them use the ping command to detect hosts. It is entirely possible to present a false appearance: even though the machine is online, pings to it get no reply, which avoids many attacks.

  Step 1: Add a stand-alone snap-in

  In Start - Run, enter: mmc, to open the "Console" window. Then click "Add/Remove Snap-in" under the "Console" menu, click the "Add" button, select the "IP Security Policy Management" item in the pop-up window, and click the "Add" button. In the window that opens, select "Local Computer" as the management object, click the "Finish" button, close the "Add/Remove Snap-in" window, and return to the main console.



  Step 2: Create IP Security Policy

  Right-click the newly added "IP Security Policy, on the local machine" (Figure 2), select "Create IP Security Policy", click "Next", and then enter a policy description, such as "no Ping" (Figure 3). Click "Next", select the "Activate Default Response Rule" check box, and click "Next". Now set the authentication method: select the option "This string is used to protect the key exchange (pre-shared key)", and then enter some characters (these characters will be used again below) (Figure 4). Click "Next"; you will be told that the IP security policy has been completed. Confirm that the "Edit Properties" check box is selected, and click the "Finish" button to open its properties dialog box.



  Step 3: Configure the security policy

  Click the "Add" button, and click "Next" in the security rule wizard that opens to set the tunnel termination; here select "This rule does not specify a tunnel" (Picture 6). Click "Next" and select "All Network Connections" to ensure that no computer can ping through. Click "Next", set the authentication method, select the third option "This string is used to protect the key exchange (pre-shared key)" as above, and fill in the same content as before. Click "Next", then click the "Add" button in the window that opens to open the "IP Filter List" window (Picture 7). Click "Add", click "Next", set the source address to "My IP Address", click "Next", set the destination address to "Any IP Address", click "Next", and select ICMP as the protocol; now you can click the "Finish" and "Close" buttons to return. At this point you can see the filter you just created in the IP filter list. Select it and click "Next", select the "Require security settings" option as the filter action (Figure 8), and then click the "Finish" and "Close" buttons in turn to save the settings and return to the management console.



  Step 4: Assign Security Policy

  Finally, right-click the configured "Prohibit Ping" policy under the "Console Root" node and select the "Assign" command to make the configuration take effect (Figure 9). After the above settings, when another computer pings this computer, it no longer gets a reply. But if you ping the local computer from itself, it still responds. This method is valid for Windows 2000/XP.



How to prevent being pinged by others
1. Prevent Ping with Advanced Settings

By default, all Internet Control Message Protocol (ICMP) options are disabled. If the ICMP option is enabled, your network will be visible to the Internet and thus vulnerable to attack.

If you want to enable ICMP, you must log in to the computer as an administrator or a member of the Administrators group. Right-click "My Network Places" and select "Properties" in the shortcut menu to open "Network Connections", select the connection that has Internet Connection Firewall enabled, open its properties window, switch to the "Advanced" tab, and click "Settings" at the bottom; the "Advanced Settings" dialog window will appear. On the "ICMP" tab, select the check boxes for the types of request information you want your computer to respond to. A selected check box means that this type of request is enabled; to disable it, clear the check box for the corresponding request type.

2. Block Ping with a network firewall

Using a firewall to block ping is the easiest and most effective way. Nowadays nearly all firewalls have ICMP filtering enabled by default. The description here is based on Jinshan (Kingsoft) Netdart 2003 and Skynet Firewall version 2.50.

If you use Kingsoft 2003, right-click the Kingsoft 2003 icon in the system tray, select "Custom IP Rule Editor" under "Utilities" in the shortcut menu, and in the window that appears select the "Defend against ICMP type attacks" rule and remove the "Allow others to use the ping command to probe the local machine" rule. Save and apply, and the change takes effect.

If you are using Skynet firewall, click "Custom IP Rules" on its main interface, then uncheck the "Prevent others from using the ping command to detect" rule, check the "Defend against ICMP attack" rule, and then click "Save/Apply" to make the IP rules take effect.

3. Enable IP security policy to prevent Ping

IP security (IPSec) policies are used to configure IPSec security services. These policies provide various levels of protection for most types of traffic in most existing networks. You can configure IPSec policies to meet the security needs of a computer, application, organizational unit, domain, site, or global enterprise. You can use the IP Security Policy snap-in provided in Windows XP to define IPSec policies for computers in Active Directory (for domain members) or for local computers (for computers that are not part of a domain).

Taking Windows XP as an example, open "Local Security Policy" through "Control Panel" - "Administrative Tools" and select IP security policy; here we can define our own IP security policy. An IP security filter consists of two parts: a filter policy and a filter action. To create a new IP security filter, you must create your own filter policy and filter action. Right-click "IP Security Policy, Local Machine" on the left side of the window, select "Create IP Security Policy" from the shortcut menu, click "Next", and enter a policy name and policy description. Click "Next", select the "Activate Default Response Rule" check box, and click "Next". Now set the authentication method of the response rule: select the "This string is used to protect the key exchange (pre-shared key)" option, and then enter some characters (these characters will be used again later). Click "Next"; you will be told that the IP security policy has been completed. Confirm that the "Edit Properties" check box is selected, and click the "Finish" button to open its properties dialog box.

The next step is to configure the new security policy. Click the "Add" button on the "Rules" tab of the "Goodbye Ping Properties" dialog window, and click "Next" in the security rule wizard that opens to set the tunnel termination; here select "This rule does not specify a tunnel". Click "Next" and select "All network connections" to ensure that no computer can ping through. Click "Next", set the authentication method, select the third option "This string is used to protect the key exchange (pre-shared key)" as above, and fill in the same content as before. Click "Next" to open the "IP Filter List" window, select "New IP Filter List" in "IP Filter List", click "Edit" on the right, and click "Add" in the window that appears. Click "Next", set "Source Address" to "My IP Address", click "Next", set "Destination Address" to "Any IP Address", click "Next", select ICMP as the protocol type, click "Finish" and then click "OK" to return to the window shown in Figure 9. Click "Next", select the "Require Security" option as the filter action, and then click the "Next", "Finish", "OK" and "Close" buttons to save the settings and return to the management console.

Finally, right-click the configured "Goodbye Ping" policy in "Local Security Settings", and select the "Assign" command in the pop-up shortcut menu to make the configuration take effect.

After the above settings, when others ping this computer, they will no longer get a reply. But if you ping the local computer from itself, it still responds. The operation is basically the same in Windows 2000.


4. Modify the TTL value to prevent Ping

Many intruders like to use the TTL value to guess the operating system. They first ping your machine. If the TTL value is 128, they conclude that your system is Windows NT/2000. If the TTL value is 32, the target host operating system is taken to be Windows 95/98, and if the TTL value is 255/64, it is taken to be a UNIX/Linux operating system. Since the intruder trusts what the TTL value suggests, we can modify the TTL value to mislead the intruder and so protect the system. The method is as follows:

Open the "Notepad" program that comes with Windows, and write the following batch command:

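@rem Build ChangeTTL.reg (">" creates the file, ">>" appends to it)
@echo REGEDIT4>ChangeTTL.reg
@echo.>>ChangeTTL.reg
@echo [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters]>>ChangeTTL.reg
@echo "DefaultTTL"=dword:000000ff>>ChangeTTL.reg
@rem Import the file into the registry silently
@REGEDIT /S ChangeTTL.reg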

Save it as a batch file with the extension .bat and run the file. The default TTL value of your operating system will be changed to ff, that is, decimal 255, so your operating system now appears to be a UNIX system.

DefaultTTL=dword:000000ff sets the default TTL value of the system. If you want your operating system to use the ICMP echo reply TTL of some other operating system, change the DefaultTTL key value, and note that the key value is in hexadecimal.
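
To see what a TTL-based guess concludes about a host before and after the registry change, the following script applies the TTL table from this section to an observed reply. It is an added example, not part of the original article; the function names and the 10-hop distance are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): what a TTL-based guess
# concludes from the TTL seen in a ping reply.

# Each router hop decrements the TTL by one, so the sender's initial TTL is
# taken as the smallest common default (32, 64, 128, 255) that is not below
# the observed value.
initial_ttl() {
    for base in 32 64 128 255; do
        if [ "$1" -le "$base" ]; then echo "$base"; return 0; fi
    done
    echo "invalid"    # TTL is an 8-bit field; values above 255 cannot occur
}

# Map the inferred initial TTL to an OS family using the table in the text.
guess_os() {
    case $(initial_ttl "$1") in
        32)     echo "Windows 95/98" ;;
        128)    echo "Windows NT/2000" ;;
        64|255) echo "UNIX/Linux" ;;
        *)      echo "unknown" ;;
    esac
}

# Convert the hexadecimal dword written to ChangeTTL.reg into decimal.
reg_dword_to_ttl() { printf '%d\n' "0x$1"; }

# Constructed scenario: the observer is 10 hops away from the host.
hops=10
before=$((128 - hops))
after=$(( $(reg_dword_to_ttl 000000ff) - hops ))
echo "before change: TTL=$before -> $(guess_os "$before")"
echo "after change:  TTL=$after -> $(guess_os "$after")"
```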

How to prohibit others from pinging your own host (built into Windows 2000)

My Computer - Control Panel - Administrative Tools - Local Security Policy - IP Security Policy, on the local machine.

There are four steps:

1. Create the ping filter rule

2. Establish block/allow rule

3. Link these two rules together

4. Assign

Details:

1. Right-click IP Security Policy - Manage IP filter lists and filter actions - IP Filter List - Add: Name: ping; Description: ping; (check "Use Add Wizard") - Add - Next: specify source/destination IP and protocol type (ICMP), Next until done, then close this dialog.

2. Manage IP filter lists and filter actions - Manage Filter Actions - Add (check "Use Add Wizard") - Next: Name: Refuse; Description: Refuse - Next: Block - Next until finished.

3. Right-click IP Security Policy - Create IP Security Policy - Next: Name: Prohibit ping - Next: deactivate the default response rule - Next: select "Edit properties" - Finish. Then in the "Prohibit ping" properties - Add (check "Use Add Wizard") - Next until "Authentication method"; select the third item and enter the shared string - Next: in the IP filter list select "ping" - Next: select "Refuse" - Next until finished.

At this point you will see the "Prohibit ping" rule on the right side of "Local Security Settings", but it is not yet in effect.

4. Right-click "Prohibit ping" - Assign.

With that, an IP policy that prohibits others from pinging your machine is complete.

Find another machine to test from; testing from your own machine will not work. The ping will report: request timeout (timeout).

The above is just a small IP filter. You can create other IP policies yourself.