pierre
Posted May 29, 2018

Hello,

I would like to block ping sweeps, which permit determining whether a host is up or not by sending a TCP SYN packet. But if the host has a webserver supposed to be reachable, how can I block TCP SYN packets?

Regards,
r3plic4tor
Posted June 4, 2018 (edited)

The use of this type of packet indicates an attempt to conceal the sweep. This may be the prelude to a more serious attack.

You can disable incoming 'echo' requests on your server's firewall, which will show as 'host down' for any ICMP protocol monitoring. If the host is Windows based and you're using Windows Firewall, access the 'advanced tab' and disable the checkbox (allow incoming echo requests) under ICMP settings in the firewall! The persistence switch (-Pn) from a Linux based nmap request may override this security layer, however!

Alternatively, for a hardware FW, go to the admin console of your hardware based firewall (router) and set inbound rule > File and Printer Sharing (Echo Request – ICMPv4-IN) > right click and select Enable rule.

As an addition, apply these 3 rules to negate probing attacks:

Allow ping—ICMP Echo-Request outbound and Echo-Reply messages inbound.
Allow traceroute—TTL-Exceeded and Port-Unreachable messages inbound.
Allow path MTU—ICMP Fragmentation-DF-Set messages inbound.

For a Linux based server, see IP tables rule set here.

Edited June 4, 2018 by r3plic4tor
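Added example, not part of either post: one way to write the reply's three ICMP rules for a Linux web server as an iptables-restore ruleset, going beyond the reply by also admitting new TCP connections only on the web ports. It assumes IPv4, a default-drop INPUT policy and ports 80 and 443 unless others are passed; the function name `emit_ruleset` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. emit_ruleset is a hypothetical helper.
# Assumptions: IPv4 only, default-drop INPUT policy, web ports 80 and 443
# unless others are given. No SSH rule is included; add one before loading
# this on a host you manage remotely.
emit_ruleset() {
    [ "$#" -gt 0 ] || set -- 80 443
    # Validate every port before printing anything.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Inbound pings are dropped silently, so an ICMP sweep gets no answer.
-A INPUT -p icmp --icmp-type echo-request -j DROP
# The reply's three rules (OUTPUT is ACCEPT, so outbound ping already works).
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
-A INPUT -p icmp --icmp-type port-unreachable -j ACCEPT
-A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
EOF
    # A SYN to a published web port has to be answered, so the host stays
    # visible on these ports; SYNs to every other port hit the DROP policy.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port --syn -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}
# Syntax check without applying (needs root):
#   emit_ruleset 80 443 | iptables-restore --test
```
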