| |
Normally found in the network is, we will use the ping command to see what the problem is, but there are many hackers with the ping command to see what the computer is suitable for broilers.
With more and more people use the campus network, improve network users' knowledge, many people download some hacking tools on the Internet or use Ping command to scan ports, IP to find the meat machine, brought a very bad influence.
Ping command it can provide you with the address to send a small data packet, and then listen for the machine have the "answer." Find now which machines on the network activity. That is, using the ICMP Ping invasion invasion, the principle is to issue continuous large number of requests so that the CPU usage of the computer reaches 100% and high system crash or crash through Ping within a period of time to the computer. Based on this, writing this article IP security policy to protect against Ping your system security.
In fact, installing and setting up a firewall against Ping can also be solved, but not every computer will be the firewall to install, set up to consider the skills of resource consumption as well. If you install a firewall but not to modify, add that IP rules as useless. Some configuration is not very resource intensive in order to avoid to give the firewall security settings in your system manually is a little on the way.
(A) Create IP Security Policy
1. Click "Start -> Control Panel -> Administrative Tools -> Local Security Policy", open the "Local Security Settings" dialog box, right-click the left side of "IP Security Policies on Local Computer" option , execute the "Create IP security policy" command. (Between some simple process Click Next and the like omitted)
2, in the "default response rule authentication method" dialog box that appears, we select "This string is used to protect the key exchange (pre-shared key)" option, and then in the text box below a string of any type. (Such as "Prohibition Ping")
3, after the completion of the work to create the IP Security policy in the "IP Filter List" window, click "Add" button, then will pop up "IP Filter Wizard" window, we click on "Next", then will pop up "IP communication source" page, set the "source address" on the page "my IP address"; "target address" to "any IP address", the IP address of any computer can not Ping your machine.
In the "Filter Properties" closable port. Such as closed TCP port 135 protocol: Choose "TCP" in the "Select a protocol type" drop-down list, then enter "135" in "this port" text box, click on the "OK" button, so add a shield TCP 135 (RPC) port of the filter, it can prevent the outside world through the 135 port connected to your computer. Repeat closable TCP UDP and so they think is necessary to close the port. Not here to write.
4, click "Next" -> "Finish" At this point, you will be "IP Filter List" to see the filter you just created, select it and click "Next", we event of the "filter Action" page to set the filter action to "need security" option.
(B) assign IP Security Policies
After the security policy is created and can not take effect immediately, we need through the "assign" function so that it play a role. The method is: Right click "New IP Security Policy" entry in the "Console Root" and then execute "assign" command in the pop-up menu, you can enable the policy.
So far, this host has had other machine refused to function any Ping own IP address, but still in the local Ping to himself. After this setup, all users (including administrators) can not operate on this server Ping on other machines. Since you no longer have to worry about being Ping threat. If then the number of hacking tools, Trojan horses often you explore the port closure system of the more impregnable. |
|
|
|