Solved

How to disable ICMP Ping?

Posted on 2007-04-03
9
7,993 Views
Last Modified: 2013-12-04
A friend asked me a good one that I didn't have an answer to, so I thought I'd post here and see if I can learn something new.

He is running Win XP Home Edition, and has Norton's Internet Security (firewall and anti-virus).

A recent scan showed that the port for "ICMP Ping" was open.  I believe this causes a vulnerability, and therefore, he wants to tighten it up.

How bad is this situation?  

How do you disable ICMP Ping?

0
Comment
Question by:Rob132332
  • 3
  • 3
  • 3
9 Comments
 
LVL 4

Accepted Solution

by:
Tomeryos earned 350 total points
ID: 18844779
Hi,

I am not very familiar with the home edition, but in the professional edition, you can access the relevant option by following these steps:
1. open network connection
2. right click the connection to the internet and click properties
3. hit the 'advanced' tab
4. under "windows firewall" click "settings"
5. hit the 'advanced' tab
6. under ICMP click 'settings'
7. uncheck "allow incoming echo requests"

This ICMP Ping isn't a vulnerability by itself. Let me explain you why: most hacks aren't delibrately launched at a certain computer. Most 'hackers' scan a wide variety of network addresses, searching for a particular vulnerability. On their way doing that, they ping the host before they even check for it's open ports (it's vulnerabilites). there is a chance that if they don't get a ping back (a.k.a ICMP echo response) they won't port-scan the computer and thus the chances of being victemaized randomly decreases.

I'm not a hacker myself, but I am almost certain that the above is the only reason. You can have both norton and windows xp firewall working at the same time.
0
 
LVL 11

Author Comment

by:Rob132332
ID: 18844983
Great.  Should I advise them to disable this setting?  What is the default "out-of-the-box" setting?  Thanks for your response!!!
0
 
LVL 4

Expert Comment

by:Tomeryos
ID: 18845064
the "out of the box" setting is checked (to enable ICMP echo) (that's what I see in my computer...)

You can safely advise them to uncheck that box. Don't forget in the future, though, when you try to ping it and you don't get response - you may do that to check if a pc is online and responsive (which is the idea behind ICMP echo request)

You can open the command prompt (start -> run -> cmd) and enter in the window that opens "ping x.x.x.x" where x.x.x.x is the IP of another computer to see that you get a response back. Once you untick the box to "allow icmp echo" you wont get a respond.

Microsoft unticked that box. so can you :) just try in that command prompt, type ping microsoft.com and you won't get a respond.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 83

Assisted Solution

by:oBdA
oBdA earned 150 total points
ID: 18845145
Just leave it as it is, it makes no difference when you disable ping responses; this will *not* "hide" the machine.
The last router (in this case the ISP's) before the target machine will reply with a "host not reachable" if there is indeed no host at the given address. If there's a machine at this address (whether it's responding or not), the router will send the packet and forget about it.
So with ping response or without, it's easily identifiable that there is a target system for a given address. It's not really worth the bother.
0
 
LVL 11

Author Comment

by:Rob132332
ID: 18845168
Interesting.  I thought I saw that his pc was set-up as a HOST.  

Maybe that's why that norton's scan found this issue.  Do either of you know how I can tell if their pc is set up as a host, and how to disable that feature?  

Thanks again to you both!
0
 
LVL 83

Expert Comment

by:oBdA
ID: 18845243
Hm? A "host" is just any machine connected to a network. I just didn't want to write "machine" over and over again.
0
 
LVL 11

Author Comment

by:Rob132332
ID: 18845283
I probably saw something about the machine being an Internet Connection Sharing (ICS) host for Windows XP.  
0
 
LVL 4

Expert Comment

by:Tomeryos
ID: 18845343
oBdA, I believe you confused the word host with the word node.
a node is any computer or even a device (such as a printer etc) that is connected to the network or plainly saying, has an ip address.

A host is more than a node. it is a node that provides something for the network.

Either that or I invented it right now ;)

Rob132332,
ICS has nothing to do with your original question. An ICS host is a computer that provides internet connection to a computer near him which doesn't have a direct connection to the modem. The only connection is that they both appea in the same page of configurations :)
0
 
LVL 83

Expert Comment

by:oBdA
ID: 18845360
See, for example, http://en.wikipedia.org/wiki/Host

If he has other machines and one connection, then this is a possibility.
The by far easiest way (depending on his connection type) to make this connection as safe as possible is to buy a cheap router (Dlink, Netgear, Linksys, SMC, Belkin ...)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now