Full Version: Disabling Pings Without Firewall, Is That Possible?
is there a way to disable ping replies without installing any firewall?
i read many articles talking about icmp and finger... but with no results. any ideas?
Yes, u can use the std service on windows boxes:

PolicyAgent IPSEC Services (RUNNING)

net start PolicyAgent
sc config PolicyAgent start= auto

To disable ICMP from the cmd prompt:

IPSecPol -w REG -p "ICMP Block Policy"
IPSecPol -x -w REG -p "ICMP Block Policy" -r "Block ICMP" -n BLOCK -f 0+*::ICMP -x

u can disable any port with this, eg port 139:

ipsecpol -w REG -p "Block TCP 139 Filter" -r "Block Inbound TCP 139 Rule" -f *=0:139:TCP -n BLOCK -x

note: to have the new registry settings take effect u have to kill explorer, and after it restarts the new settings are enabled. When I was doing it for more than one port block I had to import a few times and kill explorer a few times before the setting took effect.

Also u might want to enable this registry setting:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC]
"NoDefaultExempt"=dword:00000001

btw I wouldn't kill icmp on a LAN where the box is sharing files to other users, else u will disable their access and the admin is sure to investigate.
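The -f filter strings in the post above (0+*::ICMP, *=0:139:TCP) are terse, so here is an added example, not part of the original thread or of the ipsecpol tool, that decodes them using the filter grammar from ipsecpol's own documentation (src[/mask][:port], then = for one-way or + for mirrored, then dst[/mask][:port][:protocol], with 0 meaning this host and * meaning any address) so a policy can be read back before it is assigned. The Endpoint and IpsecFilter types and the describe() helper are my own names.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical parser for the ipsecpol -f filter spec, written for this thread
# (not part of the ipsecpol tool). Grammar per the tool's documentation:
#   src[/mask][:port] (= | +) dst[/mask][:port] [:protocol]
#   '=' is a one-way filter (src -> dst), '+' is mirrored (both directions),
#   '0' means this host's own address(es), '*' means any address.

@dataclass(frozen=True)
class Endpoint:
    addr: str            # '0' (me), '*' (any), or an IP / network in CIDR form
    port: Optional[int]  # None means any port

@dataclass(frozen=True)
class IpsecFilter:
    src: Endpoint
    dst: Endpoint
    protocol: str        # 'ANY', 'ICMP', 'TCP', 'UDP' or a protocol number as text
    mirrored: bool

_SPEC = re.compile(r"^(?P<src>[^=+]+)(?P<dir>[=+])(?P<dst>.+)$")

def _endpoint(addr: str, port: str) -> Endpoint:
    if addr not in ("0", "*"):
        # Normalise 'A.B.C.D/mask' (dotted or prefix-length mask) to CIDR; raises on garbage
        addr = str(ipaddress.ip_network(addr, strict=False))
    return Endpoint(addr, int(port) if port else None)

def parse_filter(spec: str) -> IpsecFilter:
    m = _SPEC.match(spec.strip())
    if not m:
        raise ValueError(f"not an ipsecpol filter spec: {spec!r}")
    src_addr, _, src_port = m["src"].partition(":")
    # The destination side carries up to three colon-separated fields: addr, port, protocol
    fields = m["dst"].split(":") + ["", ""]
    dst_addr, dst_port, proto = fields[0], fields[1], fields[2]
    return IpsecFilter(
        src=_endpoint(src_addr, src_port),
        dst=_endpoint(dst_addr, dst_port),
        protocol=(proto or "ANY").upper(),
        mirrored=(m["dir"] == "+"),
    )

def describe(f: IpsecFilter) -> str:
    """Plain-English reading of a filter, for reviewing a policy before assigning it."""
    def side(e: Endpoint) -> str:
        name = {"0": "this host", "*": "any address"}.get(e.addr, e.addr)
        return name if e.port is None else f"{name} port {e.port}"
    arrow = "<->" if f.mirrored else "->"
    return f"{f.protocol} {side(f.src)} {arrow} {side(f.dst)}"
```

Running describe() over the two filters from the post gives "ICMP this host <-> any address" and "TCP any address -> this host port 139", which makes clear that the ICMP rule is mirrored (it drops replies as well as requests) while the 139 rule is inbound only.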
Very nice!!
But when I type the cmd ipsecpol I get: 'ipsecpol' is not recognized as an internal or external command, operable program or batch file.
Yes, my mistake, u need to download the configuration tool.

get it from microsoft: http://www.microsoft.com/downloads/details...15-A2AB904B7361

note for remote installation: there are only these files u need to copy to the sys32 dir:
IPSECPOL.EXE
IPSECUTIL.DLL
TEXT2POL.DLL
all are in that setup exe
nice
I don't quite understand why you don't want a firewall. I myself use ZoneAlarm and I have never had any problems with it. The part I like about it is that it alerts you. You can get a free trial of the pro version, which provides more than one kind of security, or you can get the free version.

The trial version of Zone Alarm Pro 4, which btw has just come out: http://www.zonelabs.com/store/content/comp...db_gridprotrial
The normal free ZoneAlarm: http://www.zonelabs.com/store/content/comp...lid=zadb_zadown
thx bah for this information
if you choose to use a firewall, use one that's light on cpu and mem, like blackice
thanks for the tips
tnx bah, but I have a problem with running this tool.

when i run it, it writes an error box: The procedure entry point ?DSLibRelease@DSLibRefCount@@UAEXXZ could not be located in the dynamic link library polstore.dll.

Edit*** i have winxp service pack 2

Must be a service pack 2 issue then, as it works on sp1 fine. Google search for your dll turns up the following page: http://dll.yaroslavl.ru/index.php3?lng=&in_char=P polstore.dll (145680 bytes). u have to register the dll before u use it. I guess sp2 is still in beta stage so I would imagine problems with it.
For the lazy people amongst us
thanks dumpz.... the microsoft download site seems to be temporarily down anyway...? stupid people
IIRC, there was a bit of a battle between BlackIce and Zone Alarm. I inferred that Black Ice had serious limitations and that ZA was better, but it was a long time ago and some of the tech details were over my head. I came across this when reading up about a certain rogue program...

...What puzzles me is how Robin Hood Trashware's Evidence Eliminator can crash into my (non-sex-related) pages whether or not I'm using a proxy server and with all ports apparently either closed or stealthed. What's more to the point is how do I keep that evil piece of scareware from pestering me in the future?

I've got W2K on one machine and WME on the other. I'm using ZA Pro, fed from a router using DHCP. I'd prefer a static address, but it's not my router, so I've enabled all the addies it tends to come up with. I've only got access to one router port and my failed attempts to run both machines on the network (Router -> PC1 NIC1, PC1 NIC2 -> PC2 NIC3) may have left one or both machines even more vulnerable than even Windows intended!

Any suggestions would be appreciated. TIA, Basil
ipsecpol... I didn't know it existed. nice tool
this ipsecpol is really good, i didn't know about it before.
but in my opinion ZA is the best firewall, you can set the lightest security and just block ping :-)
firewalls are good, but they don't seem to be able to block DDoS attacks. as soon as someone with a strong connection decides to have a go with you they all seem to bomb out. i remember having za on and some wise ass on irc decided to packet my box, and za was flat out trying to filter these packets. it stopped me getting disconnected from the net but surfing functions were killed. blackice isn't my choice at the moment either, seeing how a few of the versions are actually exploitable. would u recommend a good firewall that would protect my windows box from hackers and script kiddies?
also good to know: so google + PktFilter
Guys, u are impressive... I was looking for a technique yesterday, and this morning i was walking around the forum, and ... So big thx to BAH and Dumpz !!! ++
Well, of course having a firewall like ZA, Blackice etc. is better than using IPSECPOL, but I can imagine if u want to secure one port really quick then this is a very good solution, even better than Firewall.exe.
As I remember well, there is no firewall that can prevent DDoS attacks. Pls advise if i'm wrong.
No, that's true. the firewall is maybe able to drop all the packets that are incoming, but when someone is ddosing u with 1 gbit bandwidth there's nothing you can do other than pull the UTP plug, because the line will still be filled with useless packets.
The problem is that no matter if you have a firewall or you don't, you haven't got a chance against DoS attacks. The reason for this is that if you don't have a firewall, the computer has to filter all these packets, and that takes time. If you have a firewall, it may be able to block the packets, but the blocking itself takes time, bandwidth and memory, meaning this also will take out your system. I don't think there will be any solution to this, besides maybe limiting the amount of service connections.
Re: DDoS attacks...

I don't know what the first "D" stands for. Destructive? The only solution I can think of is to get ISPs to allow no more than (say) 1 ping per second or (perhaps more realistically), to provide a timeout for new sends equal to (say) 3 times as long as the previous ones took in the last few secs to any given IP address. It would at least allow full control of the victim's settings.

BTW, if anyone can offer advice (if only where to repost it), I'd appreciate a response to my rather long post. I'm getting seriously p****d off with Robin Hood Software attacking me whenever "spyware" is mentioned. Gotta go... I'm missing the footie! Latest score: Arsenal 1-0 Leeds (Pirez) 6 mins. Basil
The DDoS attack is not only sending packets to the pinging port; the other ports can still be the victim.

It means Distributed, which means that it comes from several computers (like a botnet) instead of one. here is a great article about DDoS-ing: hxxp://grc.com/dos/drdos.htm
That article is actually on Distributed Reflective DoS, which is a different and rare beasty. AFAIK, no one beyond GRC has been hit by that. These articles/tools might better give insight into the DDOS, the tools and some of the defenses to DDoS attacks. Probably the most famous one is MafiaBoy's attack on EBay, E*Trade and a few others (keep in mind he was nothing more than a scriptkiddie). IIRC, he used Trinoo2k. (encrypted administration of zombies was included with that tool, IIRC). There are some defensive tools out there (mostly hardware devices). Here are a couple of examples: one from Toplayer and one from CS3. The traditional way to stop a DoS is to drop packets. This will slow down some of the activity, particularly if this is done at the router. Working with your ISP is another thing that can be done. If it's an IP based DoS, switching IPs is usually a good start. Now that said, nothing is perfect and nothing is 100% secure. The biggest thing you can do is keep aware and attentive to what goes into your network.
Actually, this is a good idea on his part. One of the biggest issues that is going on that no one is talking about is that people install a firewall and leave the rest of the network/system unsecure. So firewalls are becoming a crutch. Firewalls are supposed to be an added layer of security for the system/network, not the main defense. Learning to "harden" your system by taking measures and then adding the firewall makes the whole thing tougher and harder to break into.