不通如何设置ip策略使别人ping不通自已（How to set IP strategy to make others Ping impassability）

如何设置ip策略使别人ping不通自已Howto set IP strategy tomake others Ping impassability

By default, all Internet control message protocol (ICMP)options are disabled. If the ICMP option is enabled, yournetwork will be visible in Internet and vulnerable to attack.If you want to enable ICMP, must be as an administrator or amember of the Administrators group on computer, right-click onthe "network neighborhood", on the shortcut menu, select"properties" to open the "network connection", selectedconnection enabled the Internet connection firewall, open theproperties window, and switch to the "advanced" tab. Click the"Settings", then the "advanced settings" dialog window, in the"ICMP" tab, check that type of response to a request forinformation from your computer, check the box next to the tableto enable this type of request, such as to disable thecorresponding request please clear the type of information canbe.

Two, use network firewall to block Ping

Usingfirewalls to blockPing is the simplest andmost effectiveway, and now basically all firewalls have enabled ICMPfiltering by default. Here, with Kingsoft net 2003 and Skynetfirewall 2.50 edition for blue, originally explained.For the use of Kingsoft Internet Security 2003 users, pleaseright-clickmouse Kingsoft 2003 icon in the system tray, selectthe "utility" in the "custom IP rules editor on the shortcutmenu, select the type of ICMP attack defense rules" in the

window that appears, allowing others to eliminate "thedetection" rules with the ping command to save the applicationafter effect.

If you are using a Skynet firewall, in the main screen clickon "custom IP rules", and then uncheck "to prevent others fromusing the ping command detection rule, check the" defense ICMPattack"rules, and then click" save/application"to IP rules.Three, enable IP security policy, prevent Ping

The IP security mechanism (IP Security) , that is, the IPSecpolicy, is used to configure IPSec security services. Thesepolicies provide various levels of protection for mostcommunication types in most existing networks. You canconfigure IPSec policies to meet the security needs of yourcomputer, application, organization, unit, domain, site, orglobal enterprise. You can use the Windows XP in the "IPsecurity policy management unit for Active Directory in thecomputer (for domain members) or the local computer (for do notbelong to the domain of computer) definition of IPSec strategy.Here, for example, WINDOWS XP, through the "control panel" -"management tool" to open the "local security policy", selectthe IP security policy, where we can define their own IPsecurity policy. A IP security filter consists of twocomponents: filtering policies and filtering operations. Tocreate anew IP security filter, youmust create a newfilteringstrategy and filtering operation of its own, right click on theleft sideof thewindowof the"IP securitypolicies on the localmachine", select "create IP security strategy" on the shortcut

menu, click next, and then enter the name and description ofstrategy strategy. Click next to select the activate thedefault response rule check, and then click next". Startsetting response rule authentication method, select the stringused to protect key exchange (pre shared key) "option, and thenenter some characters (these characters will be used later) ,click"next ", itwill prompt the completed IP security strategy,confirm select the check box, click edit properties the" finish"button, the dialog box will open.

Next, you will configure the new security policy. In "GoodbyePing properties" dialog window "rules" in the options page,click the Add button, and in turn the Safety Rules Wizard, clicknext to the end of the tunnel set here, "this rule does notspecify the tunnel". Click next, and select all networkconnections to make sure that all computers are Ping blocked.Click next to set authentication mode,

As above, select the third option. This string is used toprotect the key exchange (pre shared key) and fill in the samecontent as before. Click "next" to open the "IP filter list"window"in the IP filter list" and select "new IP filter list,click on the right side of the" Edit ", click" in the windowthat appears to add ", click" next ", " set the source addressfor "my IP" address ", click"next ", set up the target addressfor any" IP address ", click" next ", select the protocol typefor ICMP, click" finish "and then click" OK "to return to thewindow as shown in Figure 9, click next, select the filteraction for" safety requirements "option, and then click" next", " complete ", " OK ", " close "button to save the settingsrelated to the return management console.

Finally, in the local security settings, right-click theconfiguration of the "Goodbye Ping" strategy, select

"assigned" command on the shortcut menu to apply thisconf igurat ion.

After the settings above, when other computers Ping thecomputer, there is no Ping connection. But if you are Ping localcomputer, you can still Ping. In Windows 2000, the operationis basically the same.

Four, modify the TTL value, prevent Ping

Many invaders love to judge the operating system by the TTLvalue, they will first Ping of your machine, such as see theTTL value of 128 that your system is Windows NT/2000, if theTTL value of 32 is that the target host operating system forWindows 95/98, if 255/64 is that UNIX/Linux operating systemfor the TTL value. Since the intruder believes in the resultof the TTL value, then we might as well modify the TTL valueto deceive the intruder and achieve the purpose of protectingthe system. Method is as follows:

Open the Notepad program that comes with Windows, and write thebatch command as follows:

@echo REGEDIT4>>ChangeTTL.reg

@echo.>>ChangeTTL.reg

@echo

[HKEY_LOCAL_MACHINESystemCurrentControl SetServicesTcpipParameters]>>ChangeTTL.reg

@echo DefaultTTL=dword:000000ff>>ChangeTTL.reg

@REGEDIT /S /C ChangeTTL.reg

In order to save as a.Bat extension of the batch file, clickon the file, the default value of the TTL operating system youwill be modified for FF, 255 decimal, namely your operatingsystem artificially changed to UNIX system!

DefaultTTL=dword:000000ff is used to set the default value ofthe TTL system, if you want to own the TTL operating system toother operating system of the ICMP echo reply, please changethe DefaultTTL key, should pay attention to its value as 16hexadecimal.

How to prohibit others Ping own host (2000 comes)

My computer-control panel -management tools-local securitypolicy, -ip security policy

This is the 2000 to our configuration IP management tool, I'mhere to say only how to ban others, Ping my host.

There are four steps:

1. Set up a no Ping rule

2. Establish a rule of prohibition / permission

3. Tie the two rules together

4. Assign

Detail:

1. Right click the IP security policy management IP filter listsand filter -ip filter list - added: Name: Ping; Ping;Description: (check"use addWizard") , -added-the next step:Specifies the source / destination IP, protocol type (ICMP) ,the next step to complete, closed this dialog box.

2. Manage the IP filter list and filter operations - managefilter actions-add (check the use of add wizard) -next: Name:refuse; Description: refuse--, next: stop - next, untilcomp let ion.

3. Right click the IP Security Policy- create the IP SecurityPolicy - next: Name: Ping; next: deactivate the defaultresponse rule - next: select the edit attribute selected -finish.

Then add the attribute Ping "" no - (check "use add Wizard")-the next step until the "authentication method"; choose third,enter a shared string - the next step: in the IP filter listand choose "ping-- the next step:" the next step to completerefuse-.

This is your "local security settings" on the right, you willsee "Ping forbid" this rule, but now he has not worked.

4. Right click "no Ping" -- assign.

This time, a IP strategy for banning others from Ping' s ownmachines has been completed.

Try to find a machine, your machine does not work. Will prompt:request timeout (timeout)

The above is only a small IP filter. You can make other IPstrategies yourself