Solved

How to disable ICMP Ping?

Posted on 2007-04-03
9
8,000 Views
Last Modified: 2013-12-04
A friend asked me a good one that I didn't have an answer to, so I thought I'd post here and see if I can learn something new.

He is running Win XP Home Edition, and has Norton's Internet Security (firewall and anti-virus).

A recent scan showed that the port for "ICMP Ping" was open.  I believe this causes a vulnerability, and therefore, he wants to tighten it up.

How bad is this situation?  

How do you disable ICMP Ping?

0
Comment
Question by:Rob132332
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
9 Comments
 
LVL 4

Accepted Solution

by:
Tomeryos earned 350 total points
ID: 18844779
Hi,

I am not very familiar with the home edition, but in the professional edition, you can access the relevant option by following these steps:
1. open network connection
2. right click the connection to the internet and click properties
3. hit the 'advanced' tab
4. under "windows firewall" click "settings"
5. hit the 'advanced' tab
6. under ICMP click 'settings'
7. uncheck "allow incoming echo requests"

This ICMP Ping isn't a vulnerability by itself. Let me explain you why: most hacks aren't delibrately launched at a certain computer. Most 'hackers' scan a wide variety of network addresses, searching for a particular vulnerability. On their way doing that, they ping the host before they even check for it's open ports (it's vulnerabilites). there is a chance that if they don't get a ping back (a.k.a ICMP echo response) they won't port-scan the computer and thus the chances of being victemaized randomly decreases.

I'm not a hacker myself, but I am almost certain that the above is the only reason. You can have both norton and windows xp firewall working at the same time.
0
 
LVL 11

Author Comment

by:Rob132332
ID: 18844983
Great.  Should I advise them to disable this setting?  What is the default "out-of-the-box" setting?  Thanks for your response!!!
0
 
LVL 4

Expert Comment

by:Tomeryos
ID: 18845064
the "out of the box" setting is checked (to enable ICMP echo) (that's what I see in my computer...)

You can safely advise them to uncheck that box. Don't forget in the future, though, when you try to ping it and you don't get response - you may do that to check if a pc is online and responsive (which is the idea behind ICMP echo request)

You can open the command prompt (start -> run -> cmd) and enter in the window that opens "ping x.x.x.x" where x.x.x.x is the IP of another computer to see that you get a response back. Once you untick the box to "allow icmp echo" you wont get a respond.

Microsoft unticked that box. so can you :) just try in that command prompt, type ping microsoft.com and you won't get a respond.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

 
LVL 85

Assisted Solution

by:oBdA
oBdA earned 150 total points
ID: 18845145
Just leave it as it is, it makes no difference when you disable ping responses; this will *not* "hide" the machine.
The last router (in this case the ISP's) before the target machine will reply with a "host not reachable" if there is indeed no host at the given address. If there's a machine at this address (whether it's responding or not), the router will send the packet and forget about it.
So with ping response or without, it's easily identifiable that there is a target system for a given address. It's not really worth the bother.
0
 
LVL 11

Author Comment

by:Rob132332
ID: 18845168
Interesting.  I thought I saw that his pc was set-up as a HOST.  

Maybe that's why that norton's scan found this issue.  Do either of you know how I can tell if their pc is set up as a host, and how to disable that feature?  

Thanks again to you both!
0
 
LVL 85

Expert Comment

by:oBdA
ID: 18845243
Hm? A "host" is just any machine connected to a network. I just didn't want to write "machine" over and over again.
0
 
LVL 11

Author Comment

by:Rob132332
ID: 18845283
I probably saw something about the machine being an Internet Connection Sharing (ICS) host for Windows XP.  
0
 
LVL 4

Expert Comment

by:Tomeryos
ID: 18845343
oBdA, I believe you confused the word host with the word node.
a node is any computer or even a device (such as a printer etc) that is connected to the network or plainly saying, has an ip address.

A host is more than a node. it is a node that provides something for the network.

Either that or I invented it right now ;)

Rob132332,
ICS has nothing to do with your original question. An ICS host is a computer that provides internet connection to a computer near him which doesn't have a direct connection to the modem. The only connection is that they both appea in the same page of configurations :)
0
 
LVL 85

Expert Comment

by:oBdA
ID: 18845360
See, for example, http://en.wikipedia.org/wiki/Host

If he has other machines and one connection, then this is a possibility.
The by far easiest way (depending on his connection type) to make this connection as safe as possible is to buy a cheap router (Dlink, Netgear, Linksys, SMC, Belkin ...)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question