ICMP blocking, bad idea or security improvement?

Discussion in 'other firewalls' started by mack_guy911, Aug 24, 2007.

Thread Status:
Not open for further replies.
  1. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    And who's saying that the toolbar is spyware with no concrete evidence? An impartial researcher? An unbiased security expert? Noooo, it's a "Look n' Stop Expert"! :D
     
  2. wat0114

    wat0114 Guest

    In response to the question:

    Matousec quotes:

    But he does not explain why. With three non-networked home PCs, I have both enabled and disabled that option in my router, without seeing any difference in either case. I do not know what else to say :doubt: Can anyone else offer their opinion on whether or not allowing ping responses is advantageous or disadvantageous?
     
  3. herbalist

    herbalist Guest

    On the original thread subject, blocking ICMP, I prefer to block everything that's not necessary for normal operation. With some ISPs, echo reply is necessary to keep from being disconnected, primarily dialup and some others that dynamically assign IPs. With these internet services, systems that don't reply to a ping are assumed to be offline and the IP gets reassigned. None of the dialup or DSL services I've used did this, but some do.

    There are advantages to not acknowledging your presence on the net. A potential attacker has to determine which of these is true:
    1, the IP is unused,
    2, the IP is assigned to a system that's shut down or not connected,
    3, the IP is in use by a system that doesn't respond.
    With the first 2, there's nothing to attack. The time a potential attacker spends trying to verify your existence is that much less time he spent trying to attack it. If you begin with the assumption that no firewall is 100% impenetrable, making it more difficult to determine the status of your system makes sense.

    With all that said, ICMP is only one of many ways to determine if a given system is online. Port scans are another. With high speed and static IPs becoming the norm, stealth is not the advantage it used to be. When dialup and floating IPs were the norm, finding a stealthed system was half the battle. With a static IP, you become a stationary target. Being stealthed still serves to hide whether your system is running and/or connected, but your existence is easier to determine. Being stealthed isn't as big of an advantage as some make it out to be but every little bit helps.
    Rick
     
  4. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,637
    Hi all :)

    "Drive Consumers to your website" ...

    "When a customer conducts a search using the TrustToolbar Search Box, you have the opportunity to drive that customer to your website by registering Elite Keywords. Customers entering your Elite Keyword will be driven directly to your website (or even a deep content link to a specific page within your website)."

    http://www.trusttoolbar.com/advertisers/index.html

    Made by Comodo for you gentlemen.
    Be comfortable while surfing on Internet: have your own "driver"...

    :D
     
  5. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,637
    Hi solcroft

    Thank you for your comment.

    For sure a LnS guy has a BIAS when talking about a spyware "toolbar".
    Very logical indeed.

    Why not install that marvellous Toolbar right away?

    :D

    (have fun)
     
    Last edited: Aug 24, 2007
  6. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,637
    Hi wat0114 :)

    It doesn't explain why because it's impossible to cause problems for your PC connected to the Internet with this well-known firewall setup:

    Here's the correct way to implement ICMP over the Internet in your firewall:

    Authorise Type 8 code 0 outgoing only (echo)
    Authorise Type 0 code 0 incoming only (echo respond)
    Authorise Type 11 code 0 incoming only (timeout) used by trace route

    Block incoming and outgoing all the other type/code of the ICMP.

    This information at the Matousec web site misleads people: there is no side effect of using this setup and possible security risks if any ICMP type/code are received and sent ...

    Why is a security site so dedicated to finding the truth about firewall leaking so lousy with this? Unbelievable!

    :)
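
The ICMP rule set posted above, written out as a stateless allow-list and run over constructed packets (an added example, not part of the original post; `ALLOWED`, `build_icmp` and `decide` are names chosen here):

```python
import struct

# Allow-list exactly as posted: (direction, ICMP type, ICMP code). All else is blocked.
ALLOWED = {
    ("out", 8, 0),   # echo request, outgoing only
    ("in", 0, 0),    # echo reply, incoming only
    ("in", 11, 0),   # time exceeded in transit, incoming only (traceroute)
}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, payload: bytes = b"") -> bytes:
    """Build a constructed ICMPv4 message (no IP header) with a valid checksum."""
    body = b"\x00" * 4 + payload   # 4 bytes of type-specific header, zeroed here
    csum = checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def decide(direction: str, message: bytes) -> str:
    """Return 'allow' or 'block' for one ICMPv4 message seen in a direction."""
    if len(message) < 8:
        return "block"             # truncated header
    if checksum(message) != 0:
        return "block"             # a valid message sums to zero
    icmp_type, code = message[0], message[1]
    return "allow" if (direction, icmp_type, code) in ALLOWED else "block"

# Constructed sample traffic (not captured from a real host).
SAMPLES = [
    ("out", build_icmp(8, 0, b"ping")),  # our own ping leaving
    ("in", build_icmp(0, 0, b"ping")),   # the reply coming back
    ("in", build_icmp(8, 0, b"ping")),   # someone else pinging us
    ("out", build_icmp(0, 0, b"ping")),  # the reply we would have sent
    ("in", build_icmp(11, 0)),           # traceroute hop answer
    ("in", build_icmp(3, 4)),            # destination unreachable, code 4
]

def run_samples():
    return [decide(direction, msg) for direction, msg in SAMPLES]

if __name__ == "__main__":
    for (direction, msg), verdict in zip(SAMPLES, run_samples()):
        print(f"{direction:3} type={msg[0]:2} code={msg[1]} -> {verdict}")
```

The last sample shows that Destination Unreachable (type 3), which a later post mentions allowing in Outpost, is dropped under this rule set, including code 4, which path MTU discovery relies on.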
     
  7. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,637
    Hi Alphalutra1 :)

    Oops! I just saw your post and question. Sorry for the delay.

    1) Yes, I believe it's better for a PC connected to the Internet as a "client" to be stealth.

    This is possible only with this condition: the PC is a "client" only.
    If you have a server installed and running, like a p2p program, stealthing is impossible. This is normal: a server must answer unsolicited packets ... (if they are legal/normal TCP packets, in the format required by the kind of server, with the required data format...)

    2) The ICMP setup I'm talking about looks in contradiction with a stealthed state.

    Your PC is allowed to ping other machines over the Internet and receive the answer to this ping. This is a solicited packet. And the PC is still stealth (for the ICMP)...

    :)
     
  8. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,637
    Hi mack_guy911 :)


    Sorry for all these out-of-scope posts (I'm responsible for this I guess :oops: )
    Wilders Security Forums are full of passionate users and this happens sometimes.

    Hope you find information valuable for you.

    Have a nice weekend.
    :)
     
  9. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Thank you for your sudden display of insight. How I wish you'd realized this during your subtle hinting of Melih being untrustworthy when he claimed that the toolbar isn't spyware just because he's a Comodo CEO. Or perhaps it takes your own warped logic being used on you before you realize how s*****d it is?
     
  10. wat0114

    wat0114 Guest

    Those ICMP settings are similarly set up as default in my firewall (Outpost), with the exception of Destination Unreachable: in/out allowed and Router Solicitation: in/out allowed. My feeling is that in certain situations such as mine, disabling ping responses is harmless, but maybe it could cause problems on a LAN. I'm not sure.

    Thank you for your comments and thank you, too, herbalist :)
     
  11. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,637
    Hi

    I still have the same bad opinion about Comodo and their strange mix of spyware and security products.
    I was sorry for the user mack_guy911 NOT FOR YOU OR MELIH or any Comodo believer.

    "Drive Consumers to your website" ...

    "When a customer conducts a search using the TrustToolbar Search Box, you have the opportunity to drive that customer to your website by registering Elite Keywords. Customers entering your Elite Keyword will be driven directly to your website (or even a deep content link to a specific page within your website)."

    http://www.trusttoolbar.com/advertisers/index.html

    This is a spyware made by Comodo. Like to be "drive" by Melih stuff ? Go ahead and have fun.

    Put that in your pipe and smoke it.

    Bye.

    P.S.
    Funny question for your "insight" :
    Did Melih FW protect against this Toolbar threat or this leak is not important for him?
    ;)
     
    Last edited: Aug 24, 2007
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    This is my point of view expressed with better words :)

    As for Comodo, it always behaved "bad" on my systems (buggy behaviours) but I can't say anything bad about Comodo.
     
  13. herbalist

    herbalist Guest

    IMO, It's better to stealth all the ports as opposed to just the open ones. If an attacker scans a set of ports and all but one or two reply "closed", it's the ones that didn't reply that will draw their attention. That kind of configuration suggests that they're open, with just a software firewall in the way. The mixed results not only draw attention to the open ports, the unique pattern can serve as an easy way to identify your system, almost like a signature.
    Rick
     
  14. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    When all else fails, bring out the "fan" argument. How typical. :D

    I trust you are relying on your own biases and interpretations (as is the case with everything else you've said about Comodo so far) on selling to others that Comodo produces spyware. To be honest, I'm more willing to take the word of a major security management systems company that the software is safe, over the disgruntled rantings of a competitor's employee.

    So let's see: no concrete proof about the firewall, try to cast FUD on firewall by drawing attention to another piece of software, about which there is no concrete proof either. A job well done, Look n' Stop Expert... not.

    Put that in your pipe and smoke it.

    Bye.
     
  15. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,637
    Hi

    The same people produce a spyware toolbar and a firewall.

    It is correct to ask questions about this strange combination of opposite activities. I'm very skeptical...

    Also you may (try) to insult me as much as you wish.

    I don't care.

    Bye.

    P.S.

    I'm NOT an employee of LnS.


    :D
     
  16. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Since having evidence to prove your words is obviously not on your list of priorities when you open your mouth, why not just go all the way and say the firewall is spyware? ;)
     
  17. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I think unfounded accusations have been made on both sides...
    ...so, can we agree on the "ping-debate" at least o_O That was the topic opener!
     
  18. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Last edited: Aug 25, 2007
  19. Mr. Malware

    Mr. Malware Registered Member

    Joined:
    Jan 22, 2007
    Posts:
    15
    Climenole

    I agree with you. I will never use Comodo products because they
    are not to be trusted.
    As for a Firewall that is free or any free product they are "substandard"
    You get what you pay for.
    I would rather use paid software than some of the free junk that is on the market.
    As I said before on many forums, "I wouldn't touch Comodo products with a ten foot pole"
     
  20. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I do get tired of some members posting info without making any correct checks. Having bad feelings about software is complete bull.
    Install and check out software before posting crap.

    Comodo trust toolbar:-

    HJT reports:- additions of:

    hjt.JPG

    Castlecops report:-

    castlecops.JPG

    Members, do realise (if you have not already), I am no great supporter of Comodo, I just support facts, not bull.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hey folks. As I look at the subject of this thread I don't see the word Comodo anywhere. The subject is about ICMP blocking.

    While the debate about Comodo is probably endless, it nevertheless isn't the topic of this thread.

    Please stay on topic and also please refrain from any comments about posters.

    Thanks,

    Pete
     
  22. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    My fault, I misread the outgoing for type 8 as incoming, which would not exactly be the same thing :p

    Cheers,

    Alphalutra1
     
  23. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,637
    Hi Stem

    I'm THAT member...


    I don't trust people who make simultaneously a spyware AND a security program. I have a bad feeling about this ...


    Look at this please instead of saying that I'm a bullshitter: (I trust CastleCops not Comodo)
     

  24. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,637
    Hi Peter2150 :)

    You're absolutely right.

    My answer to Stem is my final post for this loooong thread.

    Have a nice day.

    :)
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Climenole

    Once again you are posting without checking. This is NOT added with the current trust toolbar, if it was, I would have posted the info.

    You are posting old/outdated info.


    I am wasting no more time with you.
     