Re: DROP Protocols

From: Ricardo (Ricardo_at_discussions.microsoft.com)
Date: 09/27/04 

Date: Mon, 27 Sep 2004 09:17:01 -0700

I want to prevent clients computers in the network to ping my server, and
avoid internal attacks on it.

"Mike Rosado [MSFT]" wrote:

> Hola Ricardo,
>
> I'm by no means an expert in this subject matter of ICMP nor TCP/IP, but
> I'll try to assist you to the best of my ability. As I understand it, you
> should be able to do TCP/IP Filtering as documented in the following article
> similar to Windows 2003:
>
> 816792 HOW TO: Configure TCP/IP Filtering in Windows 2003
> http://support.microsoft.com/?id=816792
>
> Or according to the following article, use like a Router or Firewall to do
> the function for you:
>
> 325122 Internet Control Message Protocol "Destination Unreachable" (Code =
> http://support.microsoft.com/?id=325122
>
> The code value of the ICMP Destination Unreachable packet is 0x0D. The
> hexadecimal code 0X0D (code decimal 13) translates to "Communication
> Administratively Prohibited" from Requests for Comments (RFC) 1812:
>
> 13 = Communication Administratively Prohibited - generated if a
> router cannot forward a packet due to administrative filtering;
>
> This is generated if a router cannot forward a packet because of
> administrative filtering. This is the code value for an administrative
> denial, which indicates that a router is filtering a port and is not
> permitting traffic to pass. The packet is typically seen when traffic is
> refused to pass through a router or a firewall.
>
> --
> Hope this helps,
> Mike Rosado
> Windows 2000 MCSE + MCDBA
> Microsoft Enterprise Platform Support
> Windows NT/2000/2003 Cluster Technologies
>
> ====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> <http://www.microsoft.com/info/cpyright.htm>
>
> -----Original Message-----
>
> "Ricardo" <Ricardo@discussions.microsoft.com> wrote in message
> news:0227AB2B-CCF3-4493-B747-1D9A38FD2964@microsoft.com...
> > How can I configure the NIC of my W2K Server to drop ICMP packets ???
>
>
>

Relevant Pages

  • Re: newb: netfilter/iptables ?? extension?
    ... Explain further what you expect to gain by filtering on IP ... I think it would take a rack of Cisco high speed packet filtering ... perform a lookup -- just like iptables. ... provide a clue to solve it -- except that _no_ packet filtering router ...
    (comp.os.linux.networking)
  • Re: [fw-wiz] Inspecting routers
    ... > filtering on the external router could maybe be a good idea. ... You are thinking of packet ... What does your customer hope to gain by inspecting packets on his routers? ...
    (Firewall-Wizards)
  • Router Packet Filtering and Firewalls
    ... I am trying to confirm my thoughts regarding the use of router packet ... a firewall but used packet filtering on the router to protect our ...
    (Security-Basics)
  • Re: Router Packet Filtering and Firewalls
    ... I am trying to confirm my thoughts regarding the use of router packet ... a firewall but used packet filtering on the router to protect our ...
    (Security-Basics)
  • Re: UPNP/SSDP
    ... otherwise it's just a glorified packet filter with a set of rules. ... neither a NAT nor a router are referred to as packet filters. ... a NAT router for broadband internet does not do this, ... router to route traffic b/w two or more private networks and the internet. ...
    (microsoft.public.windowsxp.general)