none
Restricting ICMPv4 and ICMPv6 types RRS feed

  • Pergunta

  • Hi All,

    I have a customer requirement where I need to restrict the below ICMP types

    Restrict  ICMPv4 types "Timestamp Reply (14)," "Netmask Reply (18)," "Information Reply (16)" and "Redirect (5)" and ICMPv6 types "Router Solicitation" (133), "Router Advertisement" (134) und "Redirect" (137)

    I have found an article and observed we can block through firewall customization. But I see that option is only available for ICMPv6 not for ICMPv4.

    Please help me to restrict all the above ICMP types.

    After restricting how we will identify that particular type is blocked or not.

    sexta-feira, 3 de julho de 2020 04:07

Todas as Respostas

  • Hi ,

    You can block the following specific ICMPV4 type and ICMPV6 type through firewall customization, as the picture below:

    For the unusual ICMPv4 types, you can manually add type number. Like 14 and 16.

    >>After restricting how we will identify that particular type is blocked or not.

    As long as these ICMP type packets are sent out, then you can verify whether these types of ICMP are blocked by tracing network monitor.

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    sexta-feira, 3 de julho de 2020 06:43
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    segunda-feira, 6 de julho de 2020 02:44
  • I have created firewall rule for blocking the ICMPv4 and ICMPv6 types, but in netmon tool I don't see any differences for the below ICMP types:
     ICMPv4 types "Timestamp Reply (14)," "Netmask Reply (18)," "Information Reply (16)" and "Redirect (5)" and ICMPv6 types "Router Solicitation" (133), "Router Advertisement" (134) und "Redirect" (137)


    I was testing by running the commands ping and tracert, do we need to any test by any other way?
    segunda-feira, 6 de julho de 2020 06:25
  • Hi ,

    Did you mean that you can still receive these ICMP types after creating the block firewall rule?

    The blocking method should be correct. Due to privacy reasons, analysis of network traffic is beyond forum support level, so we cannot help you analyze network traffic to confirm whether above ICMP types are blocked correctly .

    >>I was testing by running the commands ping and tracert, do we need to any test by any other way?

    As far as I know, there is no other way can verify whether these types of ICMP are blocked except capturing network traffic.

    If you indeed want to know whether above ICMP types are blocked correctly, I would suggest you open a case with Microsoft. MS Professional tech support will give you a satisfying explanation and solution.

    Global Customer Service phone numbers 

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    segunda-feira, 6 de julho de 2020 07:38
  • Hi,


    In netmon tool I see entries only for Echo Request and Echo Reply, apart from that it is not showing any traffic for other ICMP types(14, 18, 16, 5) which I have blocked using the firewall.


    I wanted to know how to capture those types using the netmon.


    segunda-feira, 6 de julho de 2020 08:08
  • Hi ,

    We did not have a scenes that can send out those special ICMP types (14, 18, 16, 5), so I cannot test in my lab to reproduce this situation.

    If you cannot use netmon tool to capture those special ICMP types, you might use wireshark to do a test.

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    segunda-feira, 6 de julho de 2020 08:30
  • Hi,


    Thanks will try that and let you know.
    segunda-feira, 6 de julho de 2020 08:37
  • I will wait for your updates. :)

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    segunda-feira, 6 de julho de 2020 08:39
  • Hi,


    I have tested using wireshark also but it is showing the results which is only for Echo Reply and Echo Response not for blocked ICMP types 5, 14, 16, 18.
    segunda-feira, 6 de julho de 2020 09:45

  • Compare the wireshark results when you allow these ICMP types and block these ICMP types.

    Capture the traffic on both source and destination. 


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    segunda-feira, 6 de julho de 2020 10:00
  • Did you capture these special ICMP types successfully? Please feel free to let me know the current progress.


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    terça-feira, 7 de julho de 2020 06:28
  • I have tried but I dont know how to capture those ICMP types. Please let me know if you are aware.
    terça-feira, 7 de julho de 2020 10:32
  • Hi ,

    Check if the following link is helpful with you:

    Can anyone provide some packet trace for below ICMPv4 messages ?

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    quarta-feira, 8 de julho de 2020 02:47