How to disable ICMP Ping?

A friend asked me a good one that I didn't have an answer to, so I thought I'd post here and see if I can learn something new.

He is running Win XP Home Edition, and has Norton's Internet Security (firewall and anti-virus).

A recent scan showed that the port for "ICMP Ping" was open.  I believe this causes a vulnerability, and therefore, he wants to tighten it up.

How bad is this situation?  

How do you disable ICMP Ping?


I am not very familiar with the home edition, but in the professional edition, you can access the relevant option by following these steps:
1. open network connection
2. right click the connection to the internet and click properties
3. hit the 'advanced' tab
4. under "windows firewall" click "settings"
5. hit the 'advanced' tab
6. under ICMP click 'settings'
7. uncheck "allow incoming echo requests"

This ICMP Ping isn't a vulnerability by itself. Let me explain why: most hacks aren't deliberately launched at a certain computer. Most 'hackers' scan a wide variety of network addresses, searching for a particular vulnerability. While doing that, they ping the host before they even check for its open ports (its vulnerabilities). There is a chance that if they don't get a ping back (a.k.a. ICMP echo response) they won't port-scan the computer, and thus the chances of being victimized randomly decrease.

I'm not a hacker myself, but I am almost certain that the above is the only reason. You can have both Norton and the Windows XP firewall working at the same time.
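The same change as the GUI steps above, done from the command prompt so it can be recorded and verified; this is an added example, not something posted in the thread, and it assumes Windows XP SP2's built-in Windows Firewall with its "netsh firewall" context (it does not change Norton's own rules):

```batch
@echo off
REM Added example (not from the thread): command-line equivalent of the
REM GUI steps for Windows XP SP2's built-in Windows Firewall only.
REM Assumes the "netsh firewall" context introduced with XP SP2; Norton
REM Internet Security keeps its own ICMP rules and is not affected.

REM 1. Record the current ICMP settings so the change can be reviewed or undone.
echo === ICMP settings before the change ===
netsh firewall show icmpsetting

REM 2. Disable inbound echo requests (ICMP type 8) on every firewall profile.
REM    This is what unticking "Allow incoming echo request" does in the GUI.
netsh firewall set icmpsetting type=8 mode=DISABLE profile=ALL

REM 3. Verify: type 8 should now be listed as disabled. From another machine,
REM    "ping <this host's IP>" should now time out instead of answering.
echo === ICMP settings after the change ===
netsh firewall show icmpsetting

REM To go back to the out-of-the-box behaviour, re-enable type 8:
REM   netsh firewall set icmpsetting type=8 mode=ENABLE profile=ALL
```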
Rob132332Author Commented:
Great.  Should I advise them to disable this setting?  What is the default "out-of-the-box" setting?  Thanks for your response!!!
The "out of the box" setting is checked (to enable ICMP echo) (that's what I see on my computer...)

You can safely advise them to uncheck that box. Don't forget in the future, though, when you try to ping it and you don't get a response - you may do that to check if a PC is online and responsive (which is the idea behind ICMP echo request).

You can open the command prompt (Start -> Run -> cmd) and enter in the window that opens "ping x.x.x.x", where x.x.x.x is the IP of another computer, to see that you get a response back. Once you untick the box to "allow ICMP echo" you won't get a response.

Microsoft unticked that box, so can you :) Just try in that command prompt: type ping and you won't get a response.
Just leave it as it is, it makes no difference when you disable ping responses; this will *not* "hide" the machine.
The last router (in this case the ISP's) before the target machine will reply with a "host not reachable" if there is indeed no host at the given address. If there's a machine at this address (whether it's responding or not), the router will send the packet and forget about it.
So with ping response or without, it's easily identifiable that there is a target system for a given address. It's not really worth the bother.
Rob132332Author Commented:
Interesting.  I thought I saw that his pc was set-up as a HOST.  

Maybe that's why Norton's scan found this issue.  Do either of you know how I can tell if their PC is set up as a host, and how to disable that feature?  

Thanks again to you both!
Hm? A "host" is just any machine connected to a network. I just didn't want to write "machine" over and over again.
Rob132332Author Commented:
I probably saw something about the machine being an Internet Connection Sharing (ICS) host for Windows XP.  
oBdA, I believe you confused the word host with the word node.
A node is any computer or even a device (such as a printer etc.) that is connected to the network or, plainly speaking, has an IP address.

A host is more than a node. It is a node that provides something for the network.

Either that or I invented it right now ;)

ICS has nothing to do with your original question. An ICS host is a computer that provides an internet connection to a computer near it which doesn't have a direct connection to the modem. The only connection is that they both appear on the same configuration page :)
See, for example,

If he has other machines and one connection, then this is a possibility.
By far the easiest way (depending on his connection type) to make this connection as safe as possible is to buy a cheap router (D-Link, Netgear, Linksys, SMC, Belkin ...).