如何设置ip策略使别人ping不通自已Howto set IP strategy tomake others Ping impassability
By default, all Internet control message protocol (ICMP)options are disabled. If the ICMP option is enabled, yournetwork will be visible in Internet and vulnerable to attack.If you want to enable ICMP, must be as an administrator or amember of the Administrators group on computer, right-click onthe "network neighborhood", on the shortcut menu, select"properties" to open the "network connection", selectedconnection enabled the Internet connection firewall, open theproperties window, and switch to the "advanced" tab. Click the"Settings", then the "advanced settings" dialog window, in the"ICMP" tab, check that type of response to a request forinformation from your computer, check the box next to the tableto enable this type of request, such as to disable thecorresponding request please clear the type of information canbe.
Two, use network firewall to block Ping
Usingfirewalls to blockPing is the simplest andmost effectiveway, and now basically all firewalls have enabled ICMPfiltering by default. Here, with Kingsoft net 2003 and Skynetfirewall 2.50 edition for blue, originally explained.For the use of Kingsoft Internet Security 2003 users, pleaseright-clickmouse Kingsoft 2003 icon in the system tray, selectthe "utility" in the "custom IP rules editor on the shortcutmenu, select the type of ICMP attack defense rules" in the
window that appears, allowing others to eliminate "thedetection" rules with the ping command to save the applicationafter effect.
If you are using a Skynet firewall, in the main screen clickon "custom IP rules", and then uncheck "to prevent others fromusing the ping command detection rule, check the" defense ICMPattack"rules, and then click" save/application"to IP rules.Three, enable IP security policy, prevent Ping
The IP security mechanism (IP Security) , that is, the IPSecpolicy, is used to configure IPSec security services. Thesepolicies provide various levels of protection for mostcommunication types in most existing networks. You canconfigure IPSec policies to meet the security needs of yourcomputer, application, organization, unit, domain, site, orglobal enterprise. You can use the Windows XP in the "IPsecurity policy management unit for Active Directory in thecomputer (for domain members) or the local computer (for do notbelong to the domain of computer) definition of IPSec strategy.Here, for example, WINDOWS XP, through the "control panel" -"management tool" to open the "local security policy", selectthe IP security policy, where we can define their own IPsecurity policy. A IP security filter consists of twocomponents: filtering policies and filtering operations. Tocreate anew IP security filter, youmust create a newfilteringstrategy and filtering operation of its own, right click on theleft sideof thewindowof the"IP securitypolicies on the localmachine", select "create IP security strategy" on the shortcut
menu, click next, and then enter the name and description ofstrategy strategy. Click next to select the activate thedefault response rule check, and then click next". Startsetting response rule authentication method, select the stringused to protect key exchange (pre shared key) "option, and thenenter some characters (these characters will be used later) ,click"next ", itwill prompt the completed IP security strategy,confirm select the check box, click edit properties the" finish"button, the dialog box will open.
Next, you will configure the new security policy. In "GoodbyePing properties" dialog window "rules" in the options page,click the Add button, and in turn the Safety Rules Wizard, clicknext to the end of the tunnel set here, "this rule does notspecify the tunnel". Click next, and select all networkconnections to make sure that all computers are Ping blocked.Click next to set authentication mode,
As above, select the third option. This string is used toprotect the key exchange (pre shared key) and fill in the samecontent as before. Click "next" to open the "IP filter list"window"in the IP filter list" and select "new IP filter list,click on the right side of the" Edit ", click" in the windowthat appears to add ", click" next ", " set the source addressfor "my IP" address ", click"next ", set up the target addressfor any" IP address ", click" next ", select the protocol typefor ICMP, click" finish "and then click" OK "to return to thewindow as shown in Figure 9, click next, select the filteraction for" safety requirements "option, and then click" next", " complete ", " OK ", " close "button to save the settingsrelated to the return management console.
Finally, in the local security settings, right-click theconfiguration of the "Goodbye Ping" strategy, select
"assigned" command on the shortcut menu to apply thisconf igurat ion.
After the settings above, when other computers Ping thecomputer, there is no Ping connection. But if you are Ping localcomputer, you can still Ping. In Windows 2000, the operationis basically the same.
Four, modify the TTL value, prevent Ping
Many invaders love to judge the operating system by the TTLvalue, they will first Ping of your machine, such as see theTTL value of 128 that your system is Windows NT/2000, if theTTL value of 32 is that the target host operating system forWindows 95/98, if 255/64 is that UNIX/Linux operating systemfor the TTL value. Since the intruder believes in the resultof the TTL value, then we might as well modify the TTL valueto deceive the intruder and achieve the purpose of protectingthe system. Method is as follows:
Open the Notepad program that comes with Windows, and write thebatch command as follows:
@echo REGEDIT4>>ChangeTTL.reg
@echo.>>ChangeTTL.reg
@echo
[HKEY_LOCAL_MACHINESystemCurrentControl SetServicesTcpipParameters]>>ChangeTTL.reg
@echo DefaultTTL=dword:000000ff>>ChangeTTL.reg
@REGEDIT /S /C ChangeTTL.reg
In order to save as a.Bat extension of the batch file, clickon the file, the default value of the TTL operating system youwill be modified for FF, 255 decimal, namely your operatingsystem artificially changed to UNIX system!
DefaultTTL=dword:000000ff is used to set the default value ofthe TTL system, if you want to own the TTL operating system toother operating system of the ICMP echo reply, please changethe DefaultTTL key, should pay attention to its value as 16hexadecimal.
How to prohibit others Ping own host (2000 comes)
My computer-control panel -management tools-local securitypolicy, -ip security policy
This is the 2000 to our configuration IP management tool, I'mhere to say only how to ban others, Ping my host.
There are four steps:
1. Set up a no Ping rule
2. Establish a rule of prohibition / permission
3. Tie the two rules together
4. Assign
Detail:
1. Right click the IP security policy management IP filter listsand filter -ip filter list - added: Name: Ping; Ping;Description: (check"use addWizard") , -added-the next step:Specifies the source / destination IP, protocol type (ICMP) ,the next step to complete, closed this dialog box.
2. Manage the IP filter list and filter operations - managefilter actions-add (check the use of add wizard) -next: Name:refuse; Description: refuse--, next: stop - next, untilcomp let ion.
3. Right click the IP Security Policy- create the IP SecurityPolicy - next: Name: Ping; next: deactivate the defaultresponse rule - next: select the edit attribute selected -finish.
Then add the attribute Ping "" no - (check "use add Wizard")-the next step until the "authentication method"; choose third,enter a shared string - the next step: in the IP filter listand choose "ping-- the next step:" the next step to completerefuse-.
This is your "local security settings" on the right, you willsee "Ping forbid" this rule, but now he has not worked.
4. Right click "no Ping" -- assign.
This time, a IP strategy for banning others from Ping' s ownmachines has been completed.
Try to find a machine, your machine does not work. Will prompt:request timeout (timeout)
The above is only a small IP filter. You can make other IPstrategies yourself
易探云怎么样?易探云最早是主攻香港云服务器的品牌商家,由于之前香港云服务器性价比高、稳定性不错获得了不少用户的支持。易探云推出大量香港云服务器,采用BGP、CN2线路,机房有香港九龙、香港新界、香港沙田、香港葵湾等,香港1核1G低至18元/月,183.60元/年,老站长建站推荐香港2核4G5M+10G数据盘仅799元/年,性价比超强,关键是延迟全球为50ms左右,适合国内境外外贸行业网站等,如果需...
对于如今的云服务商的竞争着实很激烈,我们可以看到国内国外服务商的各种内卷,使得我们很多个人服务商压力还是比较大的。我们看到这几年的服务商变动还是比较大的,很多新服务商坚持不超过三个月,有的是多个品牌同步进行然后分别的跑路赚一波走人。对于我们用户来说,便宜的服务商固然可以试试,但是如果是不确定的,建议月付或者主力业务尽量的还是注意备份。HostYun 最近几个月还是比较活跃的,在前面也有多次介绍到商...
百驰云成立于2017年,是一家新国人IDC商家,且正规持证IDC/ISP/CDN,商家主要提供数据中心基础服务、互联网业务解决方案,及专属服务器租用、云服务器、云虚拟主机、专属服务器托管、带宽租用等产品和服务。百驰云提供源自大陆、香港、韩国和美国等地骨干级机房优质资源,包括BGP国际多线网络,CN2点对点直连带宽以及国际顶尖品牌硬件。专注为个人开发者用户,中小型,大型企业用户提供一站式核心网络云端...