I want to ping back blocked incoming pings - could I use BlackIce Defender?

IainB:
Could anyone advise please?
I want to automate a ping back for blocked incoming pings - could I use BlackIce Defender for that? Or something else?
I want to find out more about who is pinging me and where from, rather than just passively block them in my firewall or the NAT.
I still have the BlackIce Defender install in my software archive backup. Not sure if it would run on Win7-64 Home Premium.

Stoic Joker:
Why? The only thing that could be "gained" is additional exposure of the internal machine by allowing ICMP through the network border's hardware firewall. At best you'd eat up a bunch of time answering automated services, and at worst by answering an actual attack you'd "ante up" to a pissing contest with someone that knows how to win.

If you're really just curious about the haps out on the wild web, just set up a syslog server and then forward the router's logs to it for future study. Nslookup and whois should be able to tell you everything you need to know about the blocked traffic ... without exposing you to looking like a live one. :)

...It's been said that every IP address on the web gets hit with/by something every 20 seconds...and that estimate is over a decade old... ;)

4wd:
Depending on your router, you could set its firewall to block incoming ICMP messages and then set the System Log to report blocked connections.  Then log into the router and have a look every so often, normally the originating IP will be in there.

EDIT: Oops! I see SJ already covered that  :-[

IainB:
@Stoic Joker and @4wd: Thanks for the input, and I shall take the advice for not looking like a "live one".    :o
The router is the one I mentioned in a separate thread in the DC Forum - TP-Link TD-8950ND 150Mbps Wireless N ADSL2+ Modem Router - where I was puzzling over how to get the client to access it up to max 150Mbps, and eventually achieved it (more or less).
The log shows stuff like in the image below:

- but it is a transient in-RAM log and I couldn't see an easy way to automate the collection of the logged data other than what is suggested above by @Stoic Joker
"setup a syslog server at a particular IP address, and then forward the router's logs to it for future study"
--- End quote ---
- but I don't think I have the resources/technology available to do that.

I'm not too well up on current Internet telecomms protocols. The most technical I ever got was years back when I needed to write SALT scripts using a DOS program called Telix, to log and analyse internet traffic through a 56K modem.
When I later used BlackIce Defender on a PC with an ADSL router, there was no real need for me to understand what was going on at the IP level.

By the way, I don't recall previously seeing the critical OAM loopback response error in the log - it's usually just all intrusion alerts, once the router has rebooted. (I periodically reboot the router from within the browser.) Maybe it was a momentary drop in service levels standards by the ISP?

4wd:
Just referring to your image above, those are all TCP protocol, do you have incoming ICMP messages blocked in the router firewall?

Re. the syslog server, your router is capable of sending the error reports to one - it looks like you have version 1 of the router going by the image in the other thread, so from the manual:



Mode - Select Local, Remote or Both. If the selected mode is Remote or Both, events will be sent to the specified IP address and UDP port of the remote syslog server. If the selected mode is Local or Both, events will be recorded in the local memory.
--- End quote ---

SJ will probably know for sure but I would have thought there was a way to have the events appear in the Windows Event Log.

Otherwise, Kiwi and PRTG both have a free version Syslog Server, (limited number of input sources), that should be able to do what you want.
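
The syslog forwarding discussed in this thread, as an added example that was not posted by any participant: a small Python receiver for the router's Remote mode that decodes each forwarded event and tallies the remote addresses it names. The LAN range, WAN address, router address and sample log lines are constructed assumptions; the router's real message layout may differ.

```python
import ipaddress
import re
import socket
from collections import Counter

# Assumptions: your LAN range, your WAN address, the router's LAN address.
OWN = [ipaddress.ip_network("192.168.1.0/24"),
       ipaddress.ip_network("198.51.100.7/32")]
ROUTER = "192.168.1.1"
PRI_RE = re.compile(rb"^<(\d{1,3})>")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Constructed sample datagrams (documentation address ranges only).
SAMPLE = [
    b"<132>Jan  1 00:10:02 router Intrusion -> SRC=203.0.113.45 DST=198.51.100.7 PROTO=TCP DPT=23",
    b"<132>Jan  1 00:10:09 router Intrusion -> SRC=203.0.113.45 DST=198.51.100.7 PROTO=TCP DPT=22",
    b"<132>Jan  1 00:11:30 router Intrusion -> SRC=192.0.2.99 DST=198.51.100.7 PROTO=TCP DPT=3389",
]

def parse_syslog(datagram):
    # BSD syslog starts with <PRI>, where PRI = facility * 8 + severity.
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None, None, datagram.decode("ascii", "replace")
    pri = int(m.group(1))
    return pri >> 3, pri & 7, datagram[m.end():].decode("ascii", "replace")

def remote_addresses(text, own=OWN):
    # Every valid IPv4 address in the line that is not one of our own.
    found = []
    for token in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:  # looks like an address but is not, e.g. 999.1.1.1
            continue
        if not any(addr in net for net in own):
            found.append(str(addr))
    return found

def tally(datagrams, own=OWN):
    counts = Counter()
    for datagram in datagrams:
        counts.update(remote_addresses(parse_syslog(datagram)[2], own))
    return counts

def serve(bind, port=514):
    # Bind to the PC's LAN address and ignore datagrams not sent by the router.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    counts = Counter()
    while True:
        data, peer = sock.recvfrom(4096)
        if peer[0] == ROUTER:
            counts.update(tally([data]))
            print(counts.most_common(5))
```

Calling `tally(SAMPLE)` exercises the parsing offline; `serve()` takes the PC's own LAN address as `bind`, and the router's remote syslog setting would point at that address and port.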
