How to block ICMP pings?

[wakish]

HI..

I have tested my security on the link on the faq : https://grc.com/x/ne.dll?bh0bkyd2

I came to know that my pc has the following vulnerability:

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

 

 

Please can you help in blocking those ICMP??

My shorewall is set to level: "high" and i have even said NO in the configuration where it says "do you want to broadcast ICMP echo/pings...something like that..But still no +ve result.

 

Thanks!

[paul]

are you plugged into a router?

if you are, I bet that is what is responding to pings.

[wakish]

are you plugged into a router?

if you are, I bet that is what is responding to pings.

 

 

yeah, i'm plug on a router/ethernet adsl stuff..

how to be immune to ICMP here?

[daniewicz]

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests

 

Yeah, me too.

 

Mandriva 2005 with shorewall. I am sitting behind a router.

[paul]

look at the config for your router ;)

 

some routers you can't turn off icmp replies

[wakish]

look at the config for your router ;)

 

some routers you can't turn off icmp replies

 

I don't find anything about ICMP on my router configuration page :(

 

1) Is there anything else that can be done to prevent ICMP broadcast?

2) Is this vulnerability really serious?

[paul]

nah not serious.

I'd leave it alone ..

 

and infact on my purpose built firewalls I enable ping .. nice for debugging etc.

[tyme]

as long as you aren't forwarding any vulnerable ports through your cable/dsl router you should be pretty safe.

[aioshin]

and your router should be able to be ping such in case that there are network problem, and your provider needs to check if you're up, they should be able to do so, also, some network monitor relies on ping, if they wont be able to ping your side, they will think that the equipment on your side has been down.

[Qchem]

If you're really worried about security it might be worth getting the router to forward ports to a non-existant IP address on your local network.

 

Oddly enough my router sometimes responds to exrternal pings, sometimes it doesn't...

[tyme]

Oddly enough my router sometimes responds to exrternal pings, sometimes it doesn't...

hm, sounds like an attitude problem.

[wakish]

uuummm...ok..thanks guys! In that case, i will leave it like it is ;)