Configuring a Firewall to Block Ping Requests: Tips for Network Security

  • Thread starter Thread starter Monique
  • Start date Start date
Click For Summary

Discussion Overview

The discussion revolves around configuring a firewall to block ping (ICMP echo) requests as a measure for network security. Participants explore various methods, implications of blocking ICMP, and potential security risks associated with firewall configurations.

Discussion Character

  • Technical explanation
  • Debate/contested
  • Experimental/applied

Main Points Raised

  • One participant inquires about configuring a firewall to prevent responses to ping requests.
  • Another participant suggests that blocking ping requests may be relevant in the context of a Denial of Service (DoS) attack.
  • A participant clarifies that the provided link describes how to allow ping requests, questioning the safety of blocking all incoming ICMP traffic.
  • There is a discussion about the necessity of ICMP for internet connectivity, with a participant stating that while ICMP cannot be entirely disabled, ICMP echo can be blocked.
  • One participant mentions that their security scanner identified an issue with ping responses despite settings indicating that echo requests were disabled.
  • Another participant raises concerns about potential security risks associated with running a web server and database services that are accessible externally.
  • A participant asks about the necessity of installing firewall software on multiple computers sharing a modem, sharing their experience with connectivity issues when multiple firewalls are installed.
  • It is noted that if computers are connected to a router, firewalls should be installed on each computer, while only one firewall is needed if all computers connect through a single computer to the modem.

Areas of Agreement / Disagreement

Participants express varying opinions on the implications of blocking ICMP requests, the necessity of ICMP for connectivity, and the configuration of firewalls across multiple devices. The discussion remains unresolved with multiple competing views on the best practices for firewall configuration.

Contextual Notes

There are limitations regarding the assumptions about network configurations, the specific firewall software capabilities, and the implications of blocking ICMP traffic that are not fully explored or agreed upon.

Monique
Staff Emeritus
Science Advisor
Gold Member
Messages
4,229
Reaction score
61
Anyone an idea how to configure a firewall so that the system won't reply to a ping (ICMP echo) request?
 
Computer science news on Phys.org
no, I was just doing a system check :) that second link you gave describes how to ALLOW ping requests, should it be safe to configure it to block ALL incoming ICMP?
 
I know it was to allow ping requests, but I assumed you could work backwards and disable ping requests through basically the same method.

You can't disable ICMP since you need it to connect to the internet. What you can disable is ICMP echo. I'm pretty sure Norton does it be default. If it doesn't try ZoneAlarm:

http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp
 
I know it was to allow ping requests, but I assumed you could work backwards and disable ping requests through basically the same method.
Ok, thanks. Actually '8 echo-req' was not enabled, but it is still responding to ping requests. I ran the symantec security scanner which identified the problem, it's strange since nowhere in their documentation does Norton mention how to disable it.
 
Monique are you at work? I ran my own scan on your ip and your running a webserver, ms-sql and mysql. :eek:
 
I am running what? :confused:

and no, I'm not usually at work at this time of day :-p
 
Some more information about the webserver:

A-link Hasbani webadmin (Runs WindWeb 2.0 embedded httpd; Often a DSL router)

I can even go into my browser, type your ip address and go to a webpage. Its an error page, but a webpage none the less.

You should really check it out. That definitely is a security risk.

[edit]Also, the fact that I can actually tell your running mysql is a security risk. I have mysql running, but is hidden by my firewall.
 
Last edited:
dduardo said:
If it doesn't try ZoneAlarm:

http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp
hey David, when I install that firewall.. do I only need to put it on one computer if several computers are sharing the same modem?

When I installed it on one computer, and turned that computer off, the other computer does seem to have a firewall protecting it.

When I installed it on two computers, it seemed to be having problems where sites get disconnected at random intervals (even though the other computer is off) :confused: (when I shut down one of the firewalls things work fine again) :confused:
 
  • #10
If your computers are connected to a router then you need to install the firewall on each computer. If your computers are connected to one computer and that computer is connected to the modem then you only need one firewall.

Note: You should only have one firewall software per computer. If you have norton and zone alarm on one computer funny things might happen.
 

Similar threads

How can I fix a device that requires a ping response from www.skype.com?
  • · Replies 3 ·
Replies
3
Views
2K
How to understand which program is blocking websites?
  • · Replies 6 ·
Replies
6
Views
2K
How can I set up remote assistance software without configuring firewall rules?
  • · Replies 2 ·
Replies
2
Views
2K
Firewall parameters and PC security
  • · Replies 12 ·
Replies
12
Views
3K
Gnome Remote Desktop -- Allow over Ethernet and block over WiFi?
  • · Replies 1 ·
Replies
1
Views
2K
Problems with a USB network adapter for a PC
  • · Replies 15 ·
Replies
15
Views
3K
Zero-day Network Exploits, and Securing a Network Against The Unknown
  • · Replies 5 ·
Replies
5
Views
2K
Using Word for Equation Editing
  • · Replies 15 ·
Replies
15
Views
2K
Chemical Forums down, or how I learned what slowloris is
  • · Replies 8 ·
Replies
8
Views
2K
Downloading videos from TP-Link NVR1108H-W Network Video Recorder
  • · Replies 2 ·
Replies
2
Views
2K