Windows Firewall No Longer Successful in Shields Up Test?

Discussion in 'other firewalls' started by SwordOfSecurity, May 28, 2006.

Thread Status:
Not open for further replies.
  1. SwordOfSecurity

    SwordOfSecurity Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    108
    Location:
    Canada
    Issues Concerning Windows Firewall's Effectiveness

    Well to be honest, I haven't been keeping up-to-date on firewall issues, but previously when I tested Windows firewall on the GRC Shields Up! test, it checked out as a complete pass. Now after a while when I did a test on my brother's clean computer with Windows Firewall set on its maximum settings, the test showed that it did pass in everything except the ping echo portion of it. Turns out that the computer still replied to the ping echo! This issue concerns me a bit since his computer is no longer completely "hidden", yet my brother still insists he have a basic, lightweight firewall (doesn't really want to change) so I was wondering, is everyone else experiencing similar test results with Windows Firewall? Or is something wrong with our settings? (which is odd, because I even reset to default and checked to make sure everything was secure with no specific allows) And if so, does anyone know how I can fix it?
     
    Last edited: May 29, 2006
  2. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    You can turn off the ping response in the firewall's advanced settings.

    Go to Control Panel | Windows Firewall | Advanced tab | Appropriate network | Settings button | ICMP tab and turn off everything, particularly the top item "Allow incoming echo request".

    That should kill the ping response completely.
     
  3. matousec

    matousec Registered Member

    Joined:
    May 17, 2006
    Posts:
    32
    According to RFC 1122:

    RFCs really should be followed. It is a bad idea not to respond to pings. There is no security flaw in this, this is a myth. If you allow pinging your computer you are still safe. It is not true that if you deny response to ICMP that you are hidden from attacks. Firstly, most random attacks do not even try to ping you before they attack. Secondly, try http://www.insecure.org/nmap/.
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    ICMP is like NetBIOS, it can be blocked if a user or his internet does not need it. I have it blocked and I can use p2p, play online games, listen/watch streaming and I have no problems at all.
     
  5. matousec

    matousec Registered Member

    Joined:
    May 17, 2006
    Posts:
    32
    ICMP is not like NetBIOS. No RFC speaks about having NetBIOS enabled. Common users should not be told this because it can cause problems. For example, if your ISP changes some settings or hardware and some problems appear, it is ICMP that will be used for diagnostics, because that is the purpose of the ICMP protocol. If you tell users that to deny ICMP is OK, you can cause a lot of trouble for them. OK, 99% will live with no problems with ICMP disabled, but still there are some that will be in trouble (or at least e.g. their ISP will have more work because of it). The important thing here is that there is no reason to disable ICMP - it is not dangerous to have it enabled. Please follow standards, follow RFCs.
     
  6. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Of course not, I will not tell such a user not to block ICMP or not to use realtime AV, because it is useless and so on, but I guess that Wilders Security Forums members have a good knowledge about computers and security, otherwise they would not be registered here. I used NetBIOS just as an example, because some programs or internet do not work without it. ;)
     
    Last edited: May 29, 2006
  7. SwordOfSecurity

    SwordOfSecurity Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    108
    Location:
    Canada
    Alright, thanks for the input guys, guess it's fine to have things this way. However, my question still hasn't been completely answered--has anyone else been experiencing the same results from the test using Windows Firewall? Just a bit curious.
     
  8. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    If you are behind a router or some sort of hardware firewall, it is ALWAYS in charge of either dropping or acknowledging pings. Even if you place your PC in the "DMZ" and have all traffic forwarded to it, only TCP connections and UDP packets are forwarded. This may be your problem ;)

    Otherwise, I hate to say it, but who cares. Stealth and dropping ping packets is a waste of time, effort, and actually is against some internet regulations. As long as you have closed ports, you are good to go.

    Cheers,

    Alphalutra1
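
The open / closed / stealth distinction this thread turns on, as an added example that is not part of any post: a Python check that classifies a TCP port by how the host answers a connection attempt. The function names and the loopback test bed are constructed for illustration; it covers TCP ports only, not the ICMP echo part of the test.

```python
import socket


def classify_tcp_port(host, port, timeout=2.0):
    """Return 'open', 'closed', 'stealth' or 'unreachable' for one TCP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"        # host answered with RST: visible, nothing listening
    except socket.timeout:
        return "stealth"       # no answer at all: the SYN was silently dropped
    except OSError:
        return "unreachable"   # an error came back (e.g. ICMP unreachable)
    finally:
        sock.close()


def demo_on_loopback():
    """Constructed test bed on 127.0.0.1: one listening port, one unused port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)

    # Bound but never listen()ed, so the OS refuses connections to it.
    unused = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    unused.bind(("127.0.0.1", 0))
    try:
        return {
            "listening": classify_tcp_port("127.0.0.1", listener.getsockname()[1]),
            "unused": classify_tcp_port("127.0.0.1", unused.getsockname()[1]),
        }
    finally:
        listener.close()
        unused.close()


if __name__ == "__main__":
    print(demo_on_loopback())
```

A "closed" result means the machine answered and is therefore visible, yet nothing is exposed on that port; "stealth" only appears when a filter drops the packet without replying, which cannot be reproduced on loopback.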
     
  9. SwordOfSecurity

    SwordOfSecurity Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    108
    Location:
    Canada

    Thanks once again, good information for me to remember :p
     