Configuring a Firewall to Block Ping Requests: Tips for Network Security

[Monique]

Anyone an idea how to configure a firewall so that the system won't reply to a ping (ICMP echo) request?

 

[dduardo]

Are you being attacked by a Denial of Service (DoS)?

http://secunia.com/advisories/7900/

Here is how to configure ping requests:

http://service1.symantec.com/SUPPOR...ws 98/Me/2000/XP&src=sg&pcode=npf&svy=&csm=no

 

[Monique]

no, I was just doing a system check :) that second link you gave describes how to ALLOW ping requests, should it be safe to configure it to block ALL incoming ICMP?

 

[dduardo]

I know it was to allow ping requests, but I assumed you could work backwards and disable ping requests through basically the same method.

You can't disable ICMP since you need it to connect to the internet. What you can disable is ICMP echo. I'm pretty sure Norton does it be default. If it doesn't try ZoneAlarm:

http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp

 

[Monique]

I know it was to allow ping requests, but I assumed you could work backwards and disable ping requests through basically the same method.

Ok, thanks. Actually '8 echo-req' was not enabled, but it is still responding to ping requests. I ran the symantec security scanner which identified the problem, it's strange since nowhere in their documentation does Norton mention how to disable it.

 

[dduardo]

Monique are you at work? I ran my own scan on your ip and your running a webserver, ms-sql and mysql.

 

[Monique]

I am running what?

and no, I'm not usually at work at this time of day

 

[dduardo]

Some more information about the webserver:

A-link Hasbani webadmin (Runs WindWeb 2.0 embedded httpd; Often a DSL router)

I can even go into my browser, type your ip address and go to a webpage. Its an error page, but a webpage none the less.

You should really check it out. That definitely is a security risk.

[edit]Also, the fact that I can actually tell your running mysql is a security risk. I have mysql running, but is hidden by my firewall.

 

[Monique]

If it doesn't try ZoneAlarm:

http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp

hey David, when I install that firewall.. do I only need to put it on one computer if several computers are sharing the same modem?

When I installed it on one computer, and turned that computer off, the other computer does seem to have a firewall protecting it.

When I installed it on two computers, it seemed to be having problems where sites get disconnected at random intervals (even though the other computer is off) (when I shut down one of the firewalls things work fine again)

 

[dduardo]

If your computers are connected to a router then you need to install the firewall on each computer. If your computers are connected to one computer and that computer is connected to the modem then you only need one firewall.

Note: You should only have one firewall software per computer. If you have norton and zone alarm on one computer funny things might happen.