Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ IP Security Policy is to learn how to prevent Ping and closed ports     - SUSE Linux network configuration and firewall configuration (Linux)

- CentOS7 build GlusterFS (Linux)

- Java application server WildFly (Server)

- Linux crontab commands and detailed usage examples (Linux)

- Ubuntu 12.04 / 14.04 users to install software LyX document processing (Linux)

- OpenStack image production in the CentOS 6.2 (Linux)

- Linux kernel RCU (Read Copy Update) lock Brief (Linux)

- Linux kernel TCP / IP parameters analysis and tuning (Linux)

- MySQL query performance comparison of a single truth (Database)

- Linux administrator should command: sed and awk (Linux)

- Linux Mint brightness adjustment --xrandr command learning (Linux)

- To install GCC development environment under SUSE11 (Linux)

- Linux command Detailed chpasswd bulk edit user password (Linux)

- Java filter (Programming)

- Installed FFmpeg 2.6.3 on Ubuntu / Debian / Fedora system (Linux)

- Use C program in JavaScript (Programming)

- JBPM6 Tutorial - taught you how to install JBPM (Linux)

- Boot-Repair Tool - repair of frequent start-up problems (Linux)

- Shell generated using automated configuration script Orabbix (Database)

- To install Internet security firewall Raiders (Linux)

  IP Security Policy is to learn how to prevent Ping and closed ports
  Add Date : 2016-11-30      
  Normally found in the network is, we will use the ping command to see what the problem is, but there are many hackers with the ping command to see what the computer is suitable for broilers.

With more and more people use the campus network, improve network users' knowledge, many people download some hacking tools on the Internet or use Ping command to scan ports, IP to find the meat machine, brought a very bad influence.

Ping command it can provide you with the address to send a small data packet, and then listen for the machine have the "answer." Find now which machines on the network activity. That is, using the ICMP Ping invasion invasion, the principle is to issue continuous large number of requests so that the CPU usage of the computer reaches 100% and high system crash or crash through Ping within a period of time to the computer. Based on this, writing this article IP security policy to protect against Ping your system security.

In fact, installing and setting up a firewall against Ping can also be solved, but not every computer will be the firewall to install, set up to consider the skills of resource consumption as well. If you install a firewall but not to modify, add that IP rules as useless. Some configuration is not very resource intensive in order to avoid to give the firewall security settings in your system manually is a little on the way.

(A) Create IP Security Policy

1. Click "Start -> Control Panel -> Administrative Tools -> Local Security Policy", open the "Local Security Settings" dialog box, right-click the left side of "IP Security Policies on Local Computer" option , execute the "Create IP security policy" command. (Between some simple process Click Next and the like omitted)

2, in the "default response rule authentication method" dialog box that appears, we select "This string is used to protect the key exchange (pre-shared key)" option, and then in the text box below a string of any type. (Such as "Prohibition Ping")

3, after the completion of the work to create the IP Security policy in the "IP Filter List" window, click "Add" button, then will pop up "IP Filter Wizard" window, we click on "Next", then will pop up "IP communication source" page, set the "source address" on the page "my IP address"; "target address" to "any IP address", the IP address of any computer can not Ping your machine.

In the "Filter Properties" closable port. Such as closed TCP port 135 protocol: Choose "TCP" in the "Select a protocol type" drop-down list, then enter "135" in "this port" text box, click on the "OK" button, so add a shield TCP 135 (RPC) port of the filter, it can prevent the outside world through the 135 port connected to your computer. Repeat closable TCP UDP and so they think is necessary to close the port. Not here to write.

4, click "Next" -> "Finish" At this point, you will be "IP Filter List" to see the filter you just created, select it and click "Next", we event of the "filter Action" page to set the filter action to "need security" option.

(B) assign IP Security Policies

After the security policy is created and can not take effect immediately, we need through the "assign" function so that it play a role. The method is: Right click "New IP Security Policy" entry in the "Console Root" and then execute "assign" command in the pop-up menu, you can enable the policy.

So far, this host has had other machine refused to function any Ping own IP address, but still in the local Ping to himself. After this setup, all users (including administrators) can not operate on this server Ping on other machines. Since you no longer have to worry about being Ping threat. If then the number of hacking tools, Trojan horses often you explore the port closure system of the more impregnable.
- Attic-- delete duplicate data backup program (Linux)
- Will Laravel become the most successful PHP framework? (Programming)
- Ubuntu configuration SVN and http mode access (Server)
- C # using the HttpClient Note: Preheat the long connection (Programming)
- Linux character device - automatically creates the device nodes and devices (Linux)
- Thinking in Java study notes - initialization and cleanup (Programming)
- Performance issues under CentOS 6.5 VLAN devices (Linux)
- Git build a team development environment operating drills (Linux)
- Understand ASP.NET 5 running the command: DNVM, DNX, and DNU (Server)
- Distributed transaction management Spring declarative transactions (Programming)
- The Samba service does not have permission to access (Server)
- How to configure HTTP Strict Transport Security (HSTS) (Linux)
- ORA-12547: TNS: lost contact error Solution (Database)
- NGINX Plus now fully supports HTTP / 2 (Server)
- MongoDB in bulk timestamp change the date format (Database)
- Use Tmux and Vim to make IDE (Linux)
- Dom4j change XML coding (Programming)
- Linux operating system boot manager -GRUB (Linux)
- Ordinary users how the Linux system shutdown (Linux)
- Build your own Web server under Ubuntu Linux system (Server)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.