Announcement

Collapse
No announcement yet.

Block Ping Traffic with IPSec

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Block Ping Traffic with IPSec

    I found "Block Ping Traffic with IPSec" by Daniel Petri and that brought me here. I want to block outbound PINGS for security. I started to follow the above until I got to step #9 and encountered a screen not covered, "Authentication Method".

    What do I do here?

    I stopped there so I hope there are no more surprises.



  • #2
    Re: Block Ping Traffic with IPSec

    You state you want to block outbound ping for security, but did you want to block ping response, or ping request ?
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Block Ping Traffic with IPSec

      If in a Active Directory Domain select Kerberos v5 which is the AD default.
      Caesar's cipher - 3

      ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

      SFX JNRS FC U6 MNGR

      Comment


      • #4
        Re: Block Ping Traffic with IPSec

        tehcamel - Thank you for your response.

        I want to block, or at least know of, any attempts by malware to use my Internet connection to communicate to the outside world.

        As to "ping response, or ping request", I don't see anyone I know wanting to ping me without my prior knowledge. My hardware router blocks incoming pings. If I don't know about incoming pings, I guess I can't respond.

        L4ndy - Thank you also for your response and I will try this as soon as I can.

        Comment


        • #5
          Re: Block Ping Traffic with IPSec

          L4ndy,

          I followed the instructions in Daniel Petri's "Block Ping Traffic with IPSec". When I got to step #9, "Authentication Method", I selected "Kerberos v5" but received the following:

          "Kerberos is valid only when this rule is enabled on a computer which is a member of a domain. This computer is not a member of a domain. Do you want to continue and save these rule properties?"

          I continued but my tests showed that I could still ping out to another server.

          Either something is missing in the instructions or Windows XP IPSec has holes, and this is the wrong approach for protecting against an old an simple method that malware uses.

          Comment


          • #6
            Re: Block Ping Traffic with IPSec

            Obviously you are not in a domain then.
            I suppose you can use a PSK or a Certificate if that's the case although I haven't tried it.
            http://www.microsoft.com/resources/d....mspx?mfr=true
            Caesar's cipher - 3

            ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

            SFX JNRS FC U6 MNGR

            Comment


            • #7
              Re: Block Ping Traffic with IPSec

              Thank you for your help. I thought this was going to be an efficient answer to the very old, simple problem of malware communicating home.

              I think I will fall back to Plan B.

              Or was it Plan C.

              I forget.

              Steve

              Comment

              Working...
              X