Solved

How to disable ICMP Ping?

Posted on 2007-04-03
Last Modified: 2013-12-04
A friend asked me a good one that I didn't have an answer to, so I thought I'd post here and see if I can learn something new.

He is running Win XP Home Edition, and has Norton's Internet Security (firewall and anti-virus).

A recent scan showed that the port for "ICMP Ping" was open.  I believe this causes a vulnerability, and therefore, he wants to tighten it up.

How bad is this situation?  

How do you disable ICMP Ping?

Question by:Rob132332
9 Comments
 
LVL 4

Accepted Solution

by:
Tomeryos earned 350 total points
ID: 18844779
Hi,

I am not very familiar with the home edition, but in the professional edition, you can access the relevant option by following these steps:
1. Open network connection
2. Right-click the connection to the internet and click Properties
3. Hit the 'Advanced' tab
4. Under "Windows Firewall" click "Settings"
5. Hit the 'Advanced' tab
6. Under ICMP click 'Settings'
7. Uncheck "Allow incoming echo requests"

This ICMP Ping isn't a vulnerability by itself. Let me explain why: most hacks aren't deliberately launched at a certain computer. Most 'hackers' scan a wide variety of network addresses, searching for a particular vulnerability. On their way to doing that, they ping the host before they even check for its open ports (its vulnerabilities). There is a chance that if they don't get a ping back (a.k.a. ICMP echo response) they won't port-scan the computer, and thus the chances of being victimized randomly decrease.

I'm not a hacker myself, but I am almost certain that the above is the only reason. You can have both Norton and the Windows XP firewall working at the same time.
0
 
LVL 11

Author Comment

by:Rob132332
ID: 18844983
Great.  Should I advise them to disable this setting?  What is the default "out-of-the-box" setting?  Thanks for your response!!!
0
 
LVL 4

Expert Comment

by:Tomeryos
ID: 18845064
The "out of the box" setting is checked (to enable ICMP echo) (that's what I see on my computer...)

You can safely advise them to uncheck that box. Don't forget in the future, though, when you try to ping it and you don't get a response - you may do that to check if a PC is online and responsive (which is the idea behind ICMP echo request)

You can open the command prompt (Start -> Run -> cmd) and enter in the window that opens "ping x.x.x.x", where x.x.x.x is the IP of another computer, to see that you get a response back. Once you untick the box to "allow ICMP echo" you won't get a response.

Microsoft unticked that box. So can you :) Just try it in that command prompt: type ping microsoft.com and you won't get a response.
0
 
LVL 84

Assisted Solution

by:oBdA
oBdA earned 150 total points
ID: 18845145
Just leave it as it is, it makes no difference when you disable ping responses; this will *not* "hide" the machine.
The last router (in this case the ISP's) before the target machine will reply with a "host not reachable" if there is indeed no host at the given address. If there's a machine at this address (whether it's responding or not), the router will send the packet and forget about it.
So with ping response or without, it's easily identifiable that there is a target system for a given address. It's not really worth the bother.
0
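The ICMP messages named in the answers above (echo request, echo reply, and the router's host-unreachable message), decoded in an added Python example that is not part of any post. The sample bytes are constructed, and the function names are illustrative.

```python
import struct

# ICMPv4 (type, code) pairs for the messages mentioned in the thread (RFC 792).
NAMES = {
    (8, 0): "echo request (ping)",
    (0, 0): "echo reply",
    (3, 1): "destination unreachable: host unreachable",
}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over a whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Build an ICMP message with a valid checksum (used for the samples)."""
    body = rest + payload
    csum = checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def parse(msg: bytes) -> dict:
    """Decode the 8-byte ICMP header and validate the checksum."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _ = struct.unpack("!BBH", msg[:4])
    info = {
        "type": icmp_type,
        "code": code,
        "name": NAMES.get((icmp_type, code), "other"),
        # Summing a message that includes a correct checksum yields 0.
        "checksum_ok": checksum(msg) == 0,
    }
    if icmp_type in (0, 8):  # echo messages carry identifier + sequence
        info["id"], info["seq"] = struct.unpack("!HH", msg[4:8])
    return info

def matches(request: dict, reply: dict) -> bool:
    """A reply answers a request when it echoes the same id and sequence."""
    return (request["type"] == 8 and reply["type"] == 0
            and (request["id"], request["seq"]) == (reply["id"], reply["seq"]))

# Constructed sample messages (not captured traffic).
REQUEST = build(8, 0, struct.pack("!HH", 0x1234, 1), b"abcdefgh")
REPLY = build(0, 0, struct.pack("!HH", 0x1234, 1), b"abcdefgh")
UNREACHABLE = build(3, 1, b"\x00" * 4, b"\x45" + b"\x00" * 27)
```

The firewall checkbox from the accepted answer governs only the type 8 to type 0 exchange; a type 3 message, when one is sent, comes from a different device and is unaffected by the host's setting.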
 
LVL 11

Author Comment

by:Rob132332
ID: 18845168
Interesting.  I thought I saw that his PC was set up as a HOST.  

Maybe that's why that Norton's scan found this issue.  Do either of you know how I can tell if their PC is set up as a host, and how to disable that feature?  

Thanks again to you both!
0
 
LVL 84

Expert Comment

by:oBdA
ID: 18845243
Hm? A "host" is just any machine connected to a network. I just didn't want to write "machine" over and over again.
0
 
LVL 11

Author Comment

by:Rob132332
ID: 18845283
I probably saw something about the machine being an Internet Connection Sharing (ICS) host for Windows XP.  
0
 
LVL 4

Expert Comment

by:Tomeryos
ID: 18845343
oBdA, I believe you confused the word host with the word node.
A node is any computer or even a device (such as a printer etc.) that is connected to the network or, plainly put, has an IP address.

A host is more than a node. It is a node that provides something for the network.

Either that or I invented it right now ;)

Rob132332,
ICS has nothing to do with your original question. An ICS host is a computer that provides an internet connection to a computer near it which doesn't have a direct connection to the modem. The only connection is that they both appear in the same page of configurations :)
0
 
LVL 84

Expert Comment

by:oBdA
ID: 18845360
See, for example, http://en.wikipedia.org/wiki/Host

If he has other machines and one connection, then this is a possibility.
The by far easiest way (depending on his connection type) to make this connection as safe as possible is to buy a cheap router (Dlink, Netgear, Linksys, SMC, Belkin ...)
0
