Solved

How to disable ICMP Ping?

Posted on 2007-04-03
Last Modified: 2013-12-04
A friend asked me a good one that I didn't have an answer to, so I thought I'd post here and see if I can learn something new.

He is running Win XP Home Edition, and has Norton's Internet Security (firewall and anti-virus).

A recent scan showed that the port for "ICMP Ping" was open.  I believe this causes a vulnerability, and therefore, he wants to tighten it up.

How bad is this situation?  

How do you disable ICMP Ping?

Question by:Rob132332
9 Comments
 
LVL 4

Accepted Solution

by:
Tomeryos earned 350 total points
Hi,

I am not very familiar with the home edition, but in the professional edition, you can access the relevant option by following these steps:
1. open network connection
2. right click the connection to the internet and click properties
3. hit the 'advanced' tab
4. under "windows firewall" click "settings"
5. hit the 'advanced' tab
6. under ICMP click 'settings'
7. uncheck "allow incoming echo requests"

This ICMP Ping isn't a vulnerability by itself. Let me explain why: most hacks aren't deliberately launched at a certain computer. Most 'hackers' scan a wide variety of network addresses, searching for a particular vulnerability. On their way to doing that, they ping the host before they even check for its open ports (its vulnerabilities). There is a chance that if they don't get a ping back (a.k.a. ICMP echo response) they won't port-scan the computer, and thus the chances of being victimized randomly decrease.

I'm not a hacker myself, but I am almost certain that the above is the only reason. You can have both Norton and the Windows XP firewall working at the same time.
 
LVL 11

Author Comment

by:Rob132332
Great.  Should I advise them to disable this setting?  What is the default "out-of-the-box" setting?  Thanks for your response!!!
 
LVL 4

Expert Comment

by:Tomeryos
The "out of the box" setting is checked (to enable ICMP echo) (that's what I see on my computer...)

You can safely advise them to uncheck that box. Don't forget in the future, though, when you try to ping it and you don't get a response - you may do that to check if a PC is online and responsive (which is the idea behind ICMP echo request).

You can open the command prompt (Start -> Run -> cmd) and enter in the window that opens "ping x.x.x.x", where x.x.x.x is the IP of another computer, to see that you get a response back. Once you untick the box to "allow icmp echo" you won't get a response.

Microsoft unticked that box. So can you :) Just try in that command prompt: type ping microsoft.com and you won't get a response.
 
LVL 82

Assisted Solution

by:oBdA
oBdA earned 150 total points
Just leave it as it is, it makes no difference when you disable ping responses; this will *not* "hide" the machine.
The last router (in this case the ISP's) before the target machine will reply with a "host not reachable" if there is indeed no host at the given address. If there's a machine at this address (whether it's responding or not), the router will send the packet and forget about it.
So with ping response or without, it's easily identifiable that there is a target system for a given address. It's not really worth the bother.
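The three outcomes this comment distinguishes, as an added example that is not part of the original thread: a Python sketch that validates and labels ICMP replies to an echo request. The sample packets and the 192.0.2.x addresses are constructed for illustration, and the function names are this example's own.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(msg_type: int, code: int, rest: bytes, payload: bytes) -> bytes:
    """Build an ICMP message: type, code, checksum, 4-byte rest-of-header, payload."""
    csum = inet_checksum(struct.pack("!BBH4s", msg_type, code, 0, rest) + payload)
    return struct.pack("!BBH4s", msg_type, code, csum, rest) + payload

def classify_reply(reply):
    """Label what came back for one echo request; None means the ping timed out."""
    if reply is None:
        return "silent"
    if len(reply) < 8 or inet_checksum(reply) != 0:
        return "invalid"            # truncated, or checksum does not verify
    msg_type, code = reply[0], reply[1]
    if msg_type == 0 and code == 0:
        return "echo-reply"
    if msg_type == 3 and code == 1:
        return "host-unreachable"
    return "other"

# Reading of each label, following the comment above (not a guarantee for every network).
MEANING = {
    "echo-reply": "host answered the ping",
    "host-unreachable": "last router reports no host at this address",
    "silent": "nothing came back: a host may be there with echo replies disabled",
}

def demo():
    """Constructed replies for three documentation-range addresses (RFC 5737)."""
    replies = {
        "192.0.2.10": build_icmp(0, 0, b"\x12\x34\x00\x01", b"abcdefgh"),
        "192.0.2.20": build_icmp(3, 1, b"\x00" * 4, b"\x45" + b"\x00" * 27),
        "192.0.2.30": None,  # firewall box unchecked: the echo request is dropped
    }
    return {addr: classify_reply(r) for addr, r in replies.items()}

if __name__ == "__main__":
    for addr, label in demo().items():
        print(addr, label, "-", MEANING.get(label, "see ICMP type/code"))
```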
 
LVL 11

Author Comment

by:Rob132332
Interesting.  I thought I saw that his PC was set up as a HOST.

Maybe that's why that Norton's scan found this issue.  Do either of you know how I can tell if their PC is set up as a host, and how to disable that feature?

Thanks again to you both!
 
LVL 82

Expert Comment

by:oBdA
Hm? A "host" is just any machine connected to a network. I just didn't want to write "machine" over and over again.
 
LVL 11

Author Comment

by:Rob132332
I probably saw something about the machine being an Internet Connection Sharing (ICS) host for Windows XP.  
 
LVL 4

Expert Comment

by:Tomeryos
oBdA, I believe you confused the word host with the word node.
A node is any computer or even a device (such as a printer etc.) that is connected to the network or, plainly put, has an IP address.

A host is more than a node. It is a node that provides something for the network.

Either that or I invented it right now ;)

Rob132332,
ICS has nothing to do with your original question. An ICS host is a computer that provides an internet connection to a computer near it which doesn't have a direct connection to the modem. The only connection is that they both appear on the same page of configurations :)
 
LVL 82

Expert Comment

by:oBdA
See, for example, http://en.wikipedia.org/wiki/Host

If he has other machines and one connection, then this is a possibility.
By far the easiest way (depending on his connection type) to make this connection as safe as possible is to buy a cheap router (Dlink, Netgear, Linksys, SMC, Belkin ...)