如何设置ip策略使别人ping不通自已Howto set IP strategy tomake others Ping impassability
By default, all Internet control message protocol (ICMP)options are disabled. If the ICMP option is enabled, yournetwork will be visible in Internet and vulnerable to attack.If you want to enable ICMP, must be as an administrator or amember of the Administrators group on computer, right-click onthe "network neighborhood", on the shortcut menu, select"properties" to open the "network connection", selectedconnection enabled the Internet connection firewall, open theproperties window, and switch to the "advanced" tab. Click the"Settings", then the "advanced settings" dialog window, in the"ICMP" tab, check that type of response to a request forinformation from your computer, check the box next to the tableto enable this type of request, such as to disable thecorresponding request please clear the type of information canbe.
Two, use network firewall to block Ping
Usingfirewalls to blockPing is the simplest andmost effectiveway, and now basically all firewalls have enabled ICMPfiltering by default. Here, with Kingsoft net 2003 and Skynetfirewall 2.50 edition for blue, originally explained.For the use of Kingsoft Internet Security 2003 users, pleaseright-clickmouse Kingsoft 2003 icon in the system tray, selectthe "utility" in the "custom IP rules editor on the shortcutmenu, select the type of ICMP attack defense rules" in the
window that appears, allowing others to eliminate "thedetection" rules with the ping command to save the applicationafter effect.
If you are using a Skynet firewall, in the main screen clickon "custom IP rules", and then uncheck "to prevent others fromusing the ping command detection rule, check the" defense ICMPattack"rules, and then click" save/application"to IP rules.Three, enable IP security policy, prevent Ping
The IP security mechanism (IP Security) , that is, the IPSecpolicy, is used to configure IPSec security services. Thesepolicies provide various levels of protection for mostcommunication types in most existing networks. You canconfigure IPSec policies to meet the security needs of yourcomputer, application, organization, unit, domain, site, orglobal enterprise. You can use the Windows XP in the "IPsecurity policy management unit for Active Directory in thecomputer (for domain members) or the local computer (for do notbelong to the domain of computer) definition of IPSec strategy.Here, for example, WINDOWS XP, through the "control panel" -"management tool" to open the "local security policy", selectthe IP security policy, where we can define their own IPsecurity policy. A IP security filter consists of twocomponents: filtering policies and filtering operations. Tocreate anew IP security filter, youmust create a newfilteringstrategy and filtering operation of its own, right click on theleft sideof thewindowof the"IP securitypolicies on the localmachine", select "create IP security strategy" on the shortcut
menu, click next, and then enter the name and description ofstrategy strategy. Click next to select the activate thedefault response rule check, and then click next". Startsetting response rule authentication method, select the stringused to protect key exchange (pre shared key) "option, and thenenter some characters (these characters will be used later) ,click"next ", itwill prompt the completed IP security strategy,confirm select the check box, click edit properties the" finish"button, the dialog box will open.
Next, you will configure the new security policy. In "GoodbyePing properties" dialog window "rules" in the options page,click the Add button, and in turn the Safety Rules Wizard, clicknext to the end of the tunnel set here, "this rule does notspecify the tunnel". Click next, and select all networkconnections to make sure that all computers are Ping blocked.Click next to set authentication mode,
As above, select the third option. This string is used toprotect the key exchange (pre shared key) and fill in the samecontent as before. Click "next" to open the "IP filter list"window"in the IP filter list" and select "new IP filter list,click on the right side of the" Edit ", click" in the windowthat appears to add ", click" next ", " set the source addressfor "my IP" address ", click"next ", set up the target addressfor any" IP address ", click" next ", select the protocol typefor ICMP, click" finish "and then click" OK "to return to thewindow as shown in Figure 9, click next, select the filteraction for" safety requirements "option, and then click" next", " complete ", " OK ", " close "button to save the settingsrelated to the return management console.
Finally, in the local security settings, right-click theconfiguration of the "Goodbye Ping" strategy, select
"assigned" command on the shortcut menu to apply thisconf igurat ion.
After the settings above, when other computers Ping thecomputer, there is no Ping connection. But if you are Ping localcomputer, you can still Ping. In Windows 2000, the operationis basically the same.
Four, modify the TTL value, prevent Ping
Many invaders love to judge the operating system by the TTLvalue, they will first Ping of your machine, such as see theTTL value of 128 that your system is Windows NT/2000, if theTTL value of 32 is that the target host operating system forWindows 95/98, if 255/64 is that UNIX/Linux operating systemfor the TTL value. Since the intruder believes in the resultof the TTL value, then we might as well modify the TTL valueto deceive the intruder and achieve the purpose of protectingthe system. Method is as follows:
Open the Notepad program that comes with Windows, and write thebatch command as follows:
@echo REGEDIT4>>ChangeTTL.reg
@echo.>>ChangeTTL.reg
@echo
[HKEY_LOCAL_MACHINESystemCurrentControl SetServicesTcpipParameters]>>ChangeTTL.reg
@echo DefaultTTL=dword:000000ff>>ChangeTTL.reg
@REGEDIT /S /C ChangeTTL.reg
In order to save as a.Bat extension of the batch file, clickon the file, the default value of the TTL operating system youwill be modified for FF, 255 decimal, namely your operatingsystem artificially changed to UNIX system!
DefaultTTL=dword:000000ff is used to set the default value ofthe TTL system, if you want to own the TTL operating system toother operating system of the ICMP echo reply, please changethe DefaultTTL key, should pay attention to its value as 16hexadecimal.
How to prohibit others Ping own host (2000 comes)
My computer-control panel -management tools-local securitypolicy, -ip security policy
This is the 2000 to our configuration IP management tool, I'mhere to say only how to ban others, Ping my host.
There are four steps:
1. Set up a no Ping rule
2. Establish a rule of prohibition / permission
3. Tie the two rules together
4. Assign
Detail:
1. Right click the IP security policy management IP filter listsand filter -ip filter list - added: Name: Ping; Ping;Description: (check"use addWizard") , -added-the next step:Specifies the source / destination IP, protocol type (ICMP) ,the next step to complete, closed this dialog box.
2. Manage the IP filter list and filter operations - managefilter actions-add (check the use of add wizard) -next: Name:refuse; Description: refuse--, next: stop - next, untilcomp let ion.
3. Right click the IP Security Policy- create the IP SecurityPolicy - next: Name: Ping; next: deactivate the defaultresponse rule - next: select the edit attribute selected -finish.
Then add the attribute Ping "" no - (check "use add Wizard")-the next step until the "authentication method"; choose third,enter a shared string - the next step: in the IP filter listand choose "ping-- the next step:" the next step to completerefuse-.
This is your "local security settings" on the right, you willsee "Ping forbid" this rule, but now he has not worked.
4. Right click "no Ping" -- assign.
This time, a IP strategy for banning others from Ping' s ownmachines has been completed.
Try to find a machine, your machine does not work. Will prompt:request timeout (timeout)
The above is only a small IP filter. You can make other IPstrategies yourself
想必我们有一些朋友应该陆续收到国内和国外的域名注册商关于域名即将涨价的信息。大概的意思是说从9月1日开始,.COM域名会涨价一点点,大约需要单个9.99美元左右一个。其实对于大部分用户来说也没多大的影响,毕竟如今什么都涨价,域名涨一点点也不要紧。如果是域名较多的话,确实增加续费成本和注册成本。今天整理看到Dynadot有发布新的八月份域名优惠活动,.COM首年注册依然是仅需48元,本次优惠活动截止...
tmhhost放出了2021年的端午佳节+618年中大促的优惠活动:日本软银、洛杉矶200G高防cn2 gia、洛杉矶三网cn2 gia、香港200M直连BGP、韩国cn2,全都是高端优化线路,所有这些VPS直接8折,部分已经做了季付8折然后再在此基础上继续8折(也就是6.4折)。 官方网站:https://www.tmhhost.com 香港BGP线路VPS ,200M带宽 200M带...
CloudCone商家我们很多喜欢低价便宜VPS主机的肯定是熟悉的,个人不是特别喜欢他。因为我之前测试过几次,开通的机器IP都是不通的,需要删除且开通好几次才能得到一个可用的IP地址。当然他们家的优势也是有的,就是价格确实便宜,而且还支持删除重新开通,而且机房只有一个洛杉矶MC。实话,如果他们家能多几个机房,保持现在的特点,还是有很多市场的。CloudCone是来自美国的主机销售商,成立于2017...