detect when server gets pinged
Greetings All,
I am looking for a way to find out when one of my Windows Servers (both 2008 and 2003) gets pinged. I am not trying to block pings; I just want a way for the server to write a message to one of the event logs or something.
I have just under 500 servers running the various flavors of Windows Server from 2003 to 2008, with and without R2, all at the latest available service packs. I am not running the Windows firewall on any of the servers, though I might be willing to turn it on if there is a way for it to log this info but not actually block any traffic.
Any suggestions would be appreciated.
Thanks,
Greg
September 7th, 2011 3:57pm
Hello,
Personally, I don't know of a Microsoft solution that does that.
Possibly this could be done via third-party software.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
September 7th, 2011 4:14pm
I am looking for a way to find out when one of my Windows Servers (both 2008 and 2003) gets pinged. I am not trying to block pings; I just want a way for the server to write a message to one of the event logs or something.
I have just under 500 servers running the various flavors of Windows Server from 2003 to 2008, with and without R2, all at the latest available service packs. I am not running the Windows firewall on any of the servers, though I might be willing to turn it on if there is a way for it to log this info but not actually block any traffic.
You may try enabling the firewall and configuring it to log both accepted and discarded packets; not sure it will work for ICMP type 8 (aka "ping") packets too, but it may be worth a try; if it works, you should find the ping requests inside the firewall logfile.
By the way, if you could explain what you want to achieve (setting aside "detecting ping"), there may be some other way to do it.
September 8th, 2011 3:57am
Thanks for the idea ObiWan, I am just looking for a way to find out if someone is pinging my servers. Perhaps doing a ping sweep. I am not looking to block this traffic, but on occasion I might want to see who has been pinging my servers.
September 8th, 2011 1:33pm
Thanks for the idea ObiWan
You're welcome... did you try it and check if it works? See, I didn't check whether, in effect, the Windows firewall also logs such allowed ICMP packets.
I am just looking for a way to find out if someone is pinging my servers. Perhaps doing a ping sweep. I am not looking to block this traffic, but on occasion I might want to see who has been pinging my servers.
Hmm... in such a case, using the local firewall won't be so efficient since you'll need to monitor each box's log; given that you have a router or a hardware firewall in front of your servers, a better approach would be leveraging the logging capabilities of such devices and being able to monitor all the boxes at once; this will also ease detecting "ping sweeps", which would otherwise only be detected by comparing the various entries from the various servers' logs.
Notice that if what you're trying to achieve is some kind of monitoring of your servers to detect "attack" attempts or signs of compromise, you may want to consider installing this program (on a host or on a VM), and configuring things so that the box/VM running the program will be able to "see" all traffic flowing between your servers and the internet; at that point you'll be able to receive alerts and reports in case of any suspicious activity; for some examples, see here and here.
HTH
September 9th, 2011 5:55am
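The cross-server comparison described in the last reply, as an added example that is not part of the thread: it reads per-server logs in the Windows Firewall log layout (pfirewall.log, with logging of allowed packets turned on), keeps inbound ICMP type 8 entries, and reports any source that reached several servers within a short window. It assumes the firewall does write allowed echo requests to the log, which the thread leaves unverified; the host names, addresses, log lines and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

HEADER = ("#Version: 1.5\n#Software: Microsoft Windows Firewall\n"
          "#Fields: date time action protocol src-ip dst-ip src-port dst-port "
          "size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path\n")
# Constructed sample logs, one per server (host names and addresses are made up).
SAMPLE_LOGS = {
    "SRV01": HEADER
    + "2011-09-08 13:30:01 ALLOW ICMP 10.0.9.77 10.0.1.11 - - 60 - - - - 8 0 - RECEIVE\n"
    + "2011-09-08 13:31:40 ALLOW TCP 10.0.5.20 10.0.1.11 51533 445 0 - 0 0 0 - - - RECEIVE\n",
    "SRV02": HEADER
    + "2011-09-08 13:30:02 ALLOW ICMP 10.0.9.77 10.0.1.12 - - 60 - - - - 8 0 - RECEIVE\n",
    "SRV03": HEADER
    + "2011-09-08 13:30:02 ALLOW ICMP 10.0.9.77 10.0.1.13 - - 60 - - - - 8 0 - RECEIVE\n"
    + "2011-09-08 09:15:00 ALLOW ICMP 10.0.5.20 10.0.1.13 - - 60 - - - - 8 0 - RECEIVE\n",
}

def echo_requests(text):
    """Yield (source_ip, timestamp) for each inbound ICMP echo request in one log."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names come from the log itself
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            # Assumption: a log without a "path" column is treated as inbound.
            if (row.get("protocol") == "ICMP" and row.get("icmptype") == "8"
                    and row.get("path", "RECEIVE") == "RECEIVE"):
                stamp = datetime.strptime(row["date"] + " " + row["time"],
                                          "%Y-%m-%d %H:%M:%S")
                yield row["src-ip"], stamp

def find_sweeps(logs, min_servers=3, window=timedelta(seconds=60)):
    """Return {source_ip: [servers]} for sources that pinged at least
    min_servers distinct servers within one time window."""
    hits = defaultdict(list)
    for server, text in logs.items():
        for src, stamp in echo_requests(text):
            hits[src].append((stamp, server))
    sweeps = {}
    for src, events in hits.items():
        events.sort()
        for start, _ in events:                # try each event as a window start
            touched = {srv for ts, srv in events if start <= ts <= start + window}
            if len(touched) >= min_servers:
                sweeps[src] = sorted(touched)
                break
    return sweeps

if __name__ == "__main__":
    print(find_sweeps(SAMPLE_LOGS))
```

The window comparison only works across servers whose clocks are kept in sync.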