Practical Network Scanning

Mitigation

A simple solution to this problem is to stop ICMP entirely. ICMP can be blocked at the firewall layer, the network layer, or even the host layer. ICMP is a very common troubleshooting tool for network and system administrators, but instead of relying on an ICMP-based ping, we should rely on a TCP ping. Such scans can also be detected and stopped by an IPS/IDS.

For a host-based example, ICMP Echo can easily be blocked on Windows by configuring an inbound rule. A new rule can be created by using the wf.msc utility on the Windows system:
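A scripted equivalent of that inbound rule, added here as an example and not taken from the book: it uses the built-in NetSecurity cmdlets to block Echo Requests (extended to ICMPv6 as well as ICMPv4), lists the enabled inbound ICMP rules for review, and ends with a TCP-based reachability check. The rule display names and the host name and port in the TCP check are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: block inbound ICMP Echo Request in Windows Defender Firewall.
# Display names below are hypothetical, chosen for this example.

$rules = @(
    @{ Name = 'Block ICMPv4 Echo Request (In)'; Protocol = 'ICMPv4'; IcmpType = '8'   },
    @{ Name = 'Block ICMPv6 Echo Request (In)'; Protocol = 'ICMPv6'; IcmpType = '128' }
)

foreach ($r in $rules) {
    # Idempotent: create the rule only if no rule with this display name exists.
    $existing = Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-NetFirewallRule -DisplayName $r.Name `
            -Direction Inbound -Action Block `
            -Protocol $r.Protocol -IcmpType $r.IcmpType `
            -Profile Any | Out-Null
    }
}

# Review: show every enabled inbound ICMP rule with its action and ICMP type.
# Pre-existing Allow rules (for example the File and Printer Sharing echo
# rules) show up here; an explicit Block rule takes precedence over them.
Get-NetFirewallRule -Direction Inbound -Enabled True | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    if ($filter.Protocol -like 'ICMPv*') {
        [pscustomobject]@{
            DisplayName = $_.DisplayName
            Action      = $_.Action
            Protocol    = $filter.Protocol
            IcmpType    = $filter.IcmpType -join ','
        }
    }
} | Sort-Object Protocol, Action | Format-Table -AutoSize

# TCP-based reachability check to use in place of an ICMP ping.
# Host name and port are placeholders for a service you administer.
Test-NetConnection -ComputerName 'server01.example.internal' -Port 443
```

Run it from an elevated PowerShell session; the rules it creates also appear in wf.msc under Inbound Rules.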