Wednesday, December 29, 2010
[Weak Current College] Three different "anti-Ping" techniques - Powered by [China Power House Network]
Three different methods of "anti-Ping"
As we all know, Ping is a useful network command that we use to test network connectivity. But it is also a double-edged sword: with the rapid development of networks, some "bad" people on the Internet use it to probe other people's machines for ulterior motives. To keep machines on the network secure, many people now attach great importance to "anti-Ping". There are many ways and means of doing it, such as IPSec security policies, the Windows built-in firewall, third-party firewall tools, and the Routing and Remote Access component. Whether these "anti-Ping" methods are suitable for your use is what the author looks at with you below.
First, IPSec security policy "anti-Ping" is best used with caution
Using an IPSec security policy for "anti-Ping" is a commonly used method: after a few configuration steps, the policy prevents Ping. The configuration is simple, and IPSec security policy is a built-in Windows component that requires no additional installation, so it has won over a lot of users. But here I'd like to remind everyone that IPSec security policy "anti-Ping" is best used with caution.
Why? First let us see how an IPSec security policy achieves "anti-Ping". Its principle is to create a new IPSec policy that filters out all ICMP packets on the local machine. This does effectively prevent Ping, but it also leaves side effects.
The ping command and the ICMP protocol (Internet Control Message Protocol) are closely related. ICMP contains 11 kinds of message formats, of which the ping command uses the "EchoRequest" message. When an IPSec security policy is used to prevent Ping, it filters out all ICMP packets, so the many other useful message formats are filtered as well. As a result, in some special LAN application environments packet loss occurs easily and users' normal office work is affected, so I suggest that you use IPSec security policy "anti-Ping" with caution.
Second, use a third-party firewall tool
We already know the deficiencies of IPSec security policy "anti-Ping". To ensure that packets from the local machine are correctly routed across the network to the target host, you can use other, more effective ways, such as a network firewall.
For general Internet users, using a personal firewall for "anti-Ping" is the simplest way. This method does not require complex settings: as long as you properly configure the firewall's built-in "anti-Ping" rule, you can easily prevent Ping. Almost all types of personal network firewall can effectively achieve "anti-Ping", such as Skynet personal firewall, Rising personal firewall, and Windows Firewall (or ICF). Below, the author takes Rising personal firewall as an example to describe how to configure a firewall for "anti-Ping".
Run the Rising personal firewall main program and, in the main window, click "settings → settings rules". The "rising personal firewall rule settings" window pops up. In the rules list, be sure to select "default ICMP inbound rules", and then double-click this rule. A "rule properties" dialog box pops up, where you can set the detailed parameters: in the "category" box, select the "system" option; in the "direction" box, select the "accept" option; in the "Protocol" box, you must select "ICMP", the protocol used by the ping command; in the actions box, select the "suppress" option. Here it is necessary to pay attention to the ICMP message type: switch to the "ICMP type" tab and, in the "type" drop-down list box, be sure to select the "EchoRequest" item.
Finally, click the "amendment" button to save the settings. Rising personal firewall will now filter out the "EchoRequest" ICMP packets used by the Ping command, while other useful ICMP packets are left untouched. After completing the above setup, you have used a personal network firewall to achieve effective "anti-Ping".
Third, use the "Routing and remote access" component
For LAN users, a personal network firewall can hardly meet their needs, so an enterprise-class network firewall such as ISA 2004 must be used to prevent Ping. For some small local area networks, however, these enterprise-class firewalls are too expensive to accept. In fact, the "Routing and remote access" component of the Windows 2000 / Server 2003 server operating systems should be able to solve the problem, and the component is built into Windows, so no additional purchase is needed.
Below, the author takes Windows Server 2003 as an example to describe how to use the "Routing and remote access" component for "anti-Ping". As we all know, the "Routing and remote access" component has built-in routing table management, VPN services, and IP packet filtering capabilities. By default, Windows Server 2003 does not enable the Routing and remote access service, so it must first be enabled by hand. On the Windows Server 2003 gateway server, go to the "Control Panel → Administration tool" window and run the "Routing and remote access" tool. In the "Routing and remote access" main window, right-click the "local" server and select the "configure and enable routing and remote access" option in the pop-up menu. In the "Routing and remote access Server Setup Wizard" dialog box, click the "next" button, choose the "custom configuration" option, click "next", select the "LAN router" option in the next window, and finally click the "Finish" button.
In the "Routing and remote access" main window, expand the "IP routing → General" options. In the "General" box on the right, right-click the network adapter connected to the Internet and select the "Properties" option. In the Properties dialog box, click the "inbound filter" button. In the "inboundfilters" dialog box that pops up, select the "receive all except the following packets" option and then click the "new" button. In the "Add IP filter" dialog box that pops up, select "ICMP" in the Protocol drop-down list box, enter "8" and "0" in the "ICMP type" and "ICMP code" fields respectively, and click the "OK" button. The message with ICMP type "8" and ICMP code "0" is the "EchoRequest" message used by the Ping command. Finally, click the "OK" button to complete the "anti-Ping" settings.
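The difference between filtering every ICMP packet (the IPSec approach in the first section) and filtering only ICMP type 8, code 0 (the firewall and Routing and remote access approaches), shown as an added Python example that is not part of the original article. The sample packets are constructed, and all function names are hypothetical.

```python
import struct

# Added illustration: function names are hypothetical, packets are constructed.
def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, body: bytes = b"\x00" * 4) -> bytes:
    """Build a constructed ICMP message (header + body) with a valid checksum."""
    unsummed = struct.pack("!BBH", icmp_type, code, 0) + body
    return struct.pack("!BBH", icmp_type, code, checksum(unsummed)) + body

def parse_icmp(msg: bytes) -> tuple[int, int]:
    """Return (type, code); reject truncated or corrupted messages."""
    if len(msg) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    if checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    return msg[0], msg[1]

def drop_all_icmp(icmp_type: int, code: int) -> bool:
    """Filter that matches on protocol only, as in the IPSec approach."""
    return True

def drop_echo_request_only(icmp_type: int, code: int) -> bool:
    """Filter on ICMP type 8, code 0, as in the firewall and RRAS approaches."""
    return (icmp_type, code) == (8, 0)

# Constructed inbound samples (not captured traffic).
SAMPLES = {
    "echo request (ping probe)": build_icmp(8, 0, b"\x00\x01\x00\x01abcdefgh"),
    "echo reply (answer to our own ping)": build_icmp(0, 0, b"\x00\x01\x00\x01abcdefgh"),
    "destination unreachable, fragmentation needed": build_icmp(3, 4, b"\x00\x00\x05\xdc"),
    "time exceeded in transit (traceroute)": build_icmp(11, 0),
}

def collateral_damage(samples: dict[str, bytes]) -> list[str]:
    """Messages the protocol-wide filter drops but the type 8 filter lets through."""
    lost = []
    for name, raw in samples.items():
        icmp_type, code = parse_icmp(raw)
        if drop_all_icmp(icmp_type, code) and not drop_echo_request_only(icmp_type, code):
            lost.append(name)
    return lost

if __name__ == "__main__":
    for name in collateral_damage(SAMPLES):
        print("lost under the all-ICMP filter:", name)
```

Both filters drop the ping probe; only the protocol-wide filter also discards the replies and error messages the host itself depends on.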
Above, the author has covered different "anti-Ping" methods for different network environments. If you are interested, you may wish to try them.