Block Incoming Ping Request

Discussion in 'ESET Smart Security' started by wongawallen, Aug 2, 2008.

Thread Status:
Not open for further replies.
  1. wongawallen

    I followed the instructions on a post here at Wilders for creating a rule to do this, however the GRC Shields Up report still comes back with ...

    Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

    I noticed when I created the Rule to block ICMP, it said "This is too general are you sure you want to add it?" I said Yes because those were the instructions I read on the forum, so didn't know what else to do.

    Also, is it possible to mask your IP address using ESS? And if so, how?
    thx in advance for any help
     
  2. COSMO26

    Until the "brains" show up, look at this post (below) I entered, as it is somewhat "instructional". This Leak Test topic can promote talking in circles and involve whose definition matters most of "what does Safe really mean?" - or - "I want to break the Malware's jaw with my right hand but ESS uses the left - why?", etc. etc. --

    Try Advanced Search for GRC leak and you'll get a mouthful of opinions.

    https://www.wilderssecurity.com/showthread.php?t=201052&highlight=Leak

    Another: https://www.wilderssecurity.com/showthread.php?t=203689&highlight=Leak
     
    Last edited: Aug 3, 2008
  3. wongawallen

    Thanks COSMO26 .. I'll read up on the links you've posted and hopefully there'll be some more postings later.
     
  4. GAN

    The GRC shields up test (and others) might not be very accurate, but it all depends on your setup. Let's say you have a computer with a private IP address and a router that performs NAT/PAT to a public IP. Unless you created port forwarding rules on your router to forward all incoming traffic (all protocols and ports), the shieldsup test actually tests your router and not the computer. So it might be your router that responds to ping and not your computer. In that case you have to check if your router can be changed to not respond to ping requests.
    If you log all incoming traffic on your computer, the shieldsup test should generate a lot of entries in the log for traffic that is blocked/allowed. If you cannot see any such entries then it's obvious that the traffic (portscan done by shieldsup) never actually reaches your computer. In that case it's your router that blocks or responds to traffic like ping (ICMP echo).

    Regarding the message "This is too general are you sure you want to add it", this could be because you selected to block the ICMP protocol and not just a single ICMP type. When you ping an IP address you send an ICMP echo (type 8) and the IP address you ping replies with an ICMP echo-reply (type 0). Those are two different ICMP types and there are several more. If you just want to block echo (so no one gets a reply if they ping your IP address) you just block ICMP type 8 (echo). I would recommend to block all ICMP types and open those that might be useful, like type 0 (echo-reply) for incoming traffic. If ESS has stateful inspection of the ICMP protocol there should be no need for a rule to allow echo-reply though.

    By "mask your IP address" I assume you mean hide your IP address so the other end cannot see your IP? This is not possible with any product. Let's say you visit a webpage and your IP address is hidden, then how would it be possible for the server to know where the reply should be sent so you can see the webpage you requested? An option is to use a proxy server. That way the destination host only sees the IP address of the proxy server and the proxy will forward the data to your IP. There is also something called IP spoofing, but it's not actually useful for anything except hacking/DoS attacks.
     
    Last edited: Aug 3, 2008
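
The difference between a blanket ICMP rule and per-type rules, as discussed in the post above, shown as an added example that is not part of the original thread and is not ESET's rule engine. The rule-set names, the first-match-wins semantics, the default-allow fallback and the drop-on-bad-checksum behaviour are assumptions made for illustration; the packets are constructed sample input.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP types named in the post above

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"ping") -> bytes:
    """Build an ICMP echo or echo-reply message (constructed sample input)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(msg: bytes):
    """Return (type, code, checksum_ok) for a raw ICMP message."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    # A message that carries a correct checksum sums to zero when re-checked.
    return msg[0], msg[1], icmp_checksum(msg) == 0

# Hypothetical rule sets: (action, direction, icmp_type or None for any type).
# First matching rule wins; traffic that matches no rule is allowed.
BLOCK_ALL_ICMP = [("block", "in", None)]             # the "too general" rule
BLOCK_ECHO_ONLY = [("block", "in", ECHO_REQUEST)]    # hide from inbound pings only
BLOCK_ALL_ALLOW_REPLY = [("allow", "in", ECHO_REPLY), ("block", "in", None)]

def verdict(rules, direction: str, msg: bytes) -> str:
    icmp_type, _code, checksum_ok = parse_icmp(msg)
    if not checksum_ok:
        return "block"  # assumption: malformed messages are dropped outright
    for action, rule_dir, rule_type in rules:
        if rule_dir == direction and rule_type in (None, icmp_type):
            return action
    return "allow"

if __name__ == "__main__":
    probe = build_echo(ECHO_REQUEST, 0x1234, 1)  # someone pinging this host
    answer = build_echo(ECHO_REPLY, 0x1234, 1)   # reply to this host's own ping
    for name, rules in [("block all ICMP", BLOCK_ALL_ICMP),
                        ("block type 8 only", BLOCK_ECHO_ONLY),
                        ("allow type 0, block rest", BLOCK_ALL_ALLOW_REPLY)]:
        print(f"{name}: probe={verdict(rules, 'in', probe)} "
              f"reply={verdict(rules, 'in', answer)}")
```

Without stateful ICMP handling, the blanket rule also drops the inbound type 0 replies to pings sent from the protected machine, which is why the per-type variants behave differently for the second packet.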