Critical System Protection

 View Only
  • 1.  SCSP Ping block

    Posted Mar 22, 2012 06:03 AM

    Can we block ping in SCSP?



  • 2.  RE: SCSP Ping block

    Broadcom Employee
    Posted Mar 22, 2012 07:57 AM

    yep , you can block access to ping.exe which is located under c:\windows\system32



  • 3.  RE: SCSP Ping block

    Posted Mar 29, 2012 12:34 PM

    Hi Sanjith,

    What excatly you want. you want to block ping to SCSP Agent or want to block ping from SCSP agent to other system.

    If you want to block ping to SCSPAgent then its not possible (according to me), If you want to block ping from SCSP Agent to other system then siply block the ping.exe located under system32 folder.



  • 4.  RE: SCSP Ping block

    Posted Mar 30, 2012 02:54 PM

    You can use the firewall component of SCSP to block inbound ping requests.



  • 5.  RE: SCSP Ping block

    Posted Mar 31, 2012 01:58 AM

    Thank you  for the response Chuck. But can  you tell how exactly  can i do this?



  • 6.  RE: SCSP Ping block

    Posted Apr 02, 2012 10:20 AM

     

    The firewall component in SCSP prevention policies is listed either globally or for particular services or interactive programs.

    In the Strict policy, the inbound rule is to deny all at the global level.

    You can also set this on any other policy at Global Policy Options > Network Controls > Inbound > Globally set the default inbound rules to deny

    In other policies, the firewall is open until you restrict it.  You can block all, then allow the ports that you want in.

    Here are some example locations of where to find this:

    Global Policy Options > Network Controls > Inbound > Components 

    Global Policy Options > Network Controls > Inbound>  Inbound network rules

    Service Options > Network Controls > Inbound>  Inbound network rules

    Interactive Program Options > Network Controls > Inbound>  Inbound network rules

    So, you can set the deny rule globally, then granularly add rules below to allow traffic.



  • 7.  RE: SCSP Ping block

    Broadcom Employee
    Posted Apr 03, 2012 01:17 AM

    you should be blocking ping.exe to trigger!



  • 8.  RE: SCSP Ping block

    Posted Apr 04, 2012 09:20 AM

    I agree with AMoss. 



  • 9.  RE: SCSP Ping block

    Posted Apr 05, 2012 05:52 PM

    Generally speaking folks are not concerned with blocking outbound pings from a server.  They would rather block inbound pings as they are often used in attempts to enumerate a network...and if you hide your server from ping...it might not even show up on an attackers radar. :)



  • 10.  RE: SCSP Ping block

    Posted Apr 06, 2012 05:08 PM

    AMoss is correct . . . I made a mistake and forgot the SCSP firewall only supports TCP & UDP.  Sorry guys!  Nice catch.



  • 11.  RE: SCSP Ping block

    Posted Apr 11, 2012 11:26 AM

    The SCSP firewall component can only regulate two protocols - TCP & UDP.  As ping utilizes ICMP, we can not leverage the CSP firewall component to block it's network traffic.