BlackIce Firewall Question

Discussion in 'Computer Support' started by Boy Meets Web, Aug 13, 2005.

  1. I just recently installed blackice 2.9 on my system.

    After installing - I went to the ShieldsUp website and
    ran a port scan test. They told me that all my ports were STEALTH. Yet -
    they gave me a Failed Test - explaining that they received a ping from my
    computer.

    They said ----> Ping Reply: RECEIVED (FAILED) - Your system REPLIED to our
    Ping (ICMP Echo) requests, making it visible on the Internet. Most personal
    firewalls can be configured to block, drop, and ignore such ping requests in
    order to better hide systems from hackers. This is highly recommended since
    "Ping" is among the oldest and most common methods used to locate systems
    prior to further exploitation.


    I went to my blackice software ... but I do not have a clue on how to
    configure it to block, drop or ignore ping requests. Does anyone know
    enough so you could possibly walk me through the process?

    Thanks in Advance!

    Boy



     
    Boy Meets Web, Aug 13, 2005
    #1

  2. Boy Meets Web

    why? Guest

    On Sat, 13 Aug 2005 02:38:25 -0700, Boy Meets Web wrote:

    >I just recently installed blackice 2.9 on my system.


    That's a bit of an old version.

    >After installing - I went to the ShieldsUp website and


    Test on other sites and read all the notes about the tests fully.

    >ran a port scan test. They told me that all my ports were STEALTH. Yet -


    Stealth is okay but it shouldn't really be that way. You also want to
    read up on the TCP RFCs
    http://www.cse.ohio-state.edu/cs/Services/rfc/rfc.html
    and look at the pro / con comments about the Gibson site and what's more
    or less correct operation and the stealth / closed port discussions.

    >they gave me a Failed Test - explaining that they received a ping from my
    >computer.
    >
    >They said ----> Ping Reply: RECEIVED (FAILED) - Your system REPLIED to our
    >Ping (ICMP Echo) requests, making it visible on the Internet. Most personal
    >firewalls can be configured to block, drop, and ignore such ping requests in
    >order to better hide systems from hackers. This is highly recommended since
    >"Ping" is among the oldest and most common methods used to locate systems
    >prior to further exploitation.


    That's where NAT / Firewall / AV / Antispyware come in as well as
    ensuring you are only running the minimum services you need. Use any
    facility in the applications to deny / allow only specific ports to
    specific servers.

    http://www.dslreports.com/forum/remark,14008577
    http://www.dslreports.com/forum/remark,8722338?hilite=stealth vs closed debate continues

    The RFC references
    http://forums.overclockers.co.uk/showthread.php?t=82920&page=2


    >
    >I went to my blackice software ... but I do not have a clue on how to
    >configure it to block, drop or ignore ping requests. Does anyone know


    Read the Helpfile (RTFM) for Blocking Intrusions

    http://www.iss.net/support/

    Check the KB
    http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_alp.php

    >enough so you could possibly walk me through the process?


    Try the instructions that come with the product.

    Me
     
    why?, Aug 13, 2005
    #2

  3. Boy Meets Web

    Duane Arnold Guest

    I have BI running on my laptop. As the other poster has suggested, you need
    to edit the Firewall.ini file and insert an ICMP rule in the file. You must
    stop the BlackIce Engine to edit the file and you might have to stop the
    BlackIce service too.

    Are you using VisualIce (free) and have BlackIce's logging enabled?

    BlackIce has a very good Knowledge Base and you can use it to get
    information about how to use BlackIce.

    When I was using BlackIce on all my machines I added two firewall rules for
    added protection in case I moved the protection level off of Paranoid. The
    rules were set using the ADV Firewall Settings.

    Name: Block TCP Ports
    Port: 1-65535
    Type: TCP
    Mode: Reject
    Duration: Forever

    Name: Block UDP Ports
    Port: 1-65535
    Type: UDP
    Mode: Reject
    Duration: Forever

    I always set the BlackIce Notification level to *Red* so that the BI shield
    would not alert on background noise that was hitting the FW. I could always
    go to VisualIce to review the log.

    Duane :)
     
    Duane Arnold, Aug 13, 2005
    #3
  4. Boy Meets Web

    why? Guest

    On Sat, 13 Aug 2005 02:38:25 -0700, Boy Meets Web wrote:

    >I just recently installed blackice 2.9 on my system.
    >
    >After installing - I went to the ShieldsUp website and
    >ran a port scan test. They told me that all my ports were STEALTH. Yet -
    >they gave me a Failed Test - explaining that they received a ping from my
    >computer.
    >
    >They said ----> Ping Reply: RECEIVED (FAILED) - Your system REPLIED to our
    >Ping (ICMP Echo) requests, making it visible on the Internet. Most personal
    >firewalls can be configured to block, drop, and ignore such ping requests in
    >order to better hide systems from hackers. This is highly recommended since
    >"Ping" is among the oldest and most common methods used to locate systems
    >prior to further exploitation.
    >
    >
    >I went to my blackice software ... but I do not have a clue on how to
    >configure it to block, drop or ignore ping requests. Does anyone know


    It's in the online BI KB,
    Answer ID 1248
    and appears in a Google search as well.
    http://iss.custhelp.com/cgi-bin/iss...HQ9YmxvY2sgZWNobyByZXBseQ**&p_li=&p_topview=1
    or the shorter
    http://makeashorterlink.com/?L5F832C9B


    ICMP Echo Reply isn't blocked by default, edit the firewall.ini file,
    this section by adding the line.

    [MANUAL ICMP ACCEPT]
    REJECT, 8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000


    >enough so you could possibly walk me through the process?


    See the notes in the ISS article.

    <snip>

    Me
     
    why?, Aug 14, 2005
    #4
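
An added example (not part of the thread and not ISS code): a Python check that a firewall.ini contains the rule quoted in post #4. ICMP type 8, code 0 is Echo Request, the packet a ping sends. Reading the first three fields as action, type:code and protocol is an assumption based on the line shown; the remaining fields are not interpreted, and the sample file contents are constructed.

```python
# Added example: check a BlackICE firewall.ini for the ping rule from post #4.
# Assumption: the first three comma-separated fields are action, ICMP
# type:code and protocol; the remaining fields are not interpreted.

ECHO_REQUEST = (8, 0)  # ICMP type 8, code 0 = Echo Request (RFC 792)
SECTION = "MANUAL ICMP ACCEPT"  # section name as quoted in the thread


def parse_sections(text):
    """Return {SECTION NAME: [rule lines]} for INI-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().upper()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_icmp_rule(line):
    """Return (action, (type, code), protocol), or None if malformed."""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) < 3 or fields[1].count(":") != 1:
        return None
    icmp_type, icmp_code = fields[1].split(":")
    if not (icmp_type.isdigit() and icmp_code.isdigit()):
        return None
    return fields[0].upper(), (int(icmp_type), int(icmp_code)), fields[2].upper()


def blocks_ping(text):
    """True only if the section holds a REJECT rule for ICMP Echo Request."""
    rules = parse_sections(text).get(SECTION, [])
    return any(parse_icmp_rule(r) == ("REJECT", ECHO_REQUEST, "ICMP") for r in rules)


# Constructed sample file contents (not taken from a real installation).
RULE = "REJECT, 8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000"
UNEDITED = "[MANUAL ICMP ACCEPT]\n"
EDITED = "[MANUAL ICMP ACCEPT]\n" + RULE + "\n"
WRONG_TYPE = "[MANUAL ICMP ACCEPT]\n" + RULE.replace("8:0", "0:0") + "\n"
WRONG_PLACE = RULE + "\n[MANUAL ICMP ACCEPT]\n"  # rule above the section header

if __name__ == "__main__":
    for name, text in [("unedited", UNEDITED), ("edited", EDITED),
                       ("type 0 instead of 8", WRONG_TYPE),
                       ("rule outside section", WRONG_PLACE)]:
        print(f"{name}: {'ping rule present' if blocks_ping(text) else 'ping rule MISSING'}")
```

The `WRONG_TYPE` sample uses type 0 (Echo Reply), which does not match an incoming ping, so the check reports the rule as missing.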