Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Firewall ping requests


  • Please log in to reply
27 replies to this topic

#1 kelkay

kelkay

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:05 AM

Posted 01 September 2015 - 02:18 AM

Please tell me how to configure the Windows Firewall to block, drop, and ignore ping requests!



BC AdBot (Login to Remove)

 


#2 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep


  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:08:35 PM

Posted 02 September 2015 - 08:24 PM

For record:

https://social.technet.microsoft.com/Forums/windows/en-US/5bf17b89-e588-45ae-a7c2-34c1bf0bdf43/windows-firewall-how-block-icmp-echo-ping-response-?forum=w7itprogeneral

https://technet.microsoft.com/en-us/library/cc786463%28v=ws.10%29.aspx


Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

#3 kelkay

kelkay
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:05 AM

Posted 02 September 2015 - 11:32 PM

Thank you for responding.  I tried this one. 

 

<<<Open Windows Firewall with Advanced Security>Inbound Rules>New Rule>Custom Rule>All Programs>Protocol type:  ICMPv4 (then click customize at the bottom)>Specific ICMP types: (tick 'Echo Request') (click OK)>Choose your IP settings>Block Connection>Apply to Domain/Private/Public>Finish.>>>

 

https://social.technet.microsoft.com/Forums/windows/en-US/5bf17b89-e588-45ae-a7c2-34c1bf0bdf43/windows-firewall-how-block-icmp-echo-ping-response-?forum=w7itprogeneral

 

 I am running Win8 at the moment.  I did this for both ICMPv4, and ICMPv6.  I am still showing that my computer is replying to ping requests.  On inbound I also have File and Printer Sharing Echo requests blocked for ICMPv4, and ICMPv6.  I did the same thing for outbound on File and Printer Sharing echo requests.  Would restarting my computer be necessary I wonder?  I went to another browser that I rarely use, and tried that.  Still same thing.  It is seeing that my computer is still responding to ping requests. 



#4 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep


  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:08:35 PM

Posted 03 September 2015 - 02:58 AM

Hi,
I would like to know what you are trying to gain by blocking/dropping the ping traffic, if you don't mind.
Also let me know what is your network setup and how did you test the rules.

Sorry for the lazy reply(first). I thought someone attended the topic earlier.
Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

#5 kelkay

kelkay
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:05 AM

Posted 03 September 2015 - 05:52 PM

It is my understanding that hackers send out ping requests.  If a computer answers, they know it.  If the ports aren't hardened up etc...they can easily get into your computer.  I would prefer my computer not respond to any incoming pings, just to be safe.  Now someone who is sending ping requests for ill gain, may have the skills to also find a way to get into your computer.  I prefer not to get their attention in any way.  There are sites you can go to, that will allow you to test your firewall.  A good while back, I had Zone Alarm.  I had it set to where I could see people hitting my computer with requests, and I could report them.  I don't know if Zone Alarm still does this or not.  I went to another firewall after that time.  It was a paid firewall.  Then I went to Comodo, and now this.  Before when I checked for pings, I had not response from my computer to that incoming ping.  So I never had to make a change.  I am no computer geek, I barely get by.  I can tell you that when I used Zone Alarm, you'd be shocked at how many times your computer was tested.  Most of the ping requests I got were from CHINA.  This was a few years ago, but I haven't forgotten about it.  It was a bit unnerving to tell you the truth.



#6 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep


  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:08:35 PM

Posted 04 September 2015 - 10:58 AM

Hi kelkay,
PING is usually used to test the network connectivity between two end IP addresses. The PING command may be used by certain programs to check for connectivity and such programs may misbehave if the PING is blocked.

Alternatively, what you found is right! PING can be mis-used by attacker to find if the target system/IP address is online, before launching attack or send non-intended data(payload) as PING.

But, this must not be a big concern if you use dynamic IP addresses(ISP gives you a diiferent IP all the time you reconnect to the internet) and you use a standalone modem/router for connecting to internet.

 

I too had used ZA firewall, a few years back. If you configured it to ask for each connection and process trying to access the network, it will prompt you via a popup.

 

 

There are sites you can go to, that will allow you to test your firewall.

Usually, firewalls will have a feature which will stealth the open ports, so its not visible to the outside world.

 

Testing your firewall rules or the ports open using online websites cannot give you accurate results because if your modem/router is between your machine and the ISP, it seperates the network. So, what the websites are scanning will be your modem/router.

 

Did you try choosing all, instead of "Echo Request" only in ICMP types?


Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

#7 kelkay

kelkay
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:05 AM

Posted 04 September 2015 - 04:30 PM

Thank you for the explanation.  Now I am confused on what to do.  No, I just chose the Echo Request only.  On post 3 of this thread, I stated everything I did.



#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:05 PM

Posted 04 September 2015 - 05:13 PM

Since you are trying to prevent ICMP traffic from the Internet reaching your computer, we first need to know if your computer has a private or public IP address.

Because if your computer has a private IP address, then the ICMP traffic has to be blocked by your router, and not your computer's firewall.

 

Here's how you can tell if your machine has a public or private IP address: http://www.bleepingcomputer.com/forums/t/536252/how-to-tell-if-you-have-a-private-ip-address-or-a-public-ip-address/


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 kelkay

kelkay
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:05 AM

Posted 07 September 2015 - 01:07 PM

It is private.  I have a wired connection.



#10 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep


  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:08:35 PM

Posted 08 September 2015 - 02:05 PM

So, what I and Didier Stevens tried to tell is true...

Because if your computer has a private IP address, then the ICMP traffic has to be blocked by your router, and not your computer's firewall.


Edited by Nikhil_CV, 08 September 2015 - 02:24 PM.

Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

#11 kelkay

kelkay
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:05 AM

Posted 09 September 2015 - 02:00 PM

So how do you block it with a router, if there is no router?  When I used Comodo and had 8.1, I did not have a problem with accepting ping requests.  I do not know how to fix this. 



#12 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep


  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:08:35 PM

Posted 09 September 2015 - 02:44 PM

 

So how do you block it with a router

Simply create the rule on the router's firewall.

 

 

if there is no router

Then, your modem comes with modem+router combo, probably.

 

 

When I used Comodo and had 8.1, I did not have a problem with accepting ping requests.  I do not know how to fix this.

I'm helpless to comment. Maybe someone else can...


Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

#13 kelkay

kelkay
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:05 AM

Posted 09 September 2015 - 03:14 PM

Well thank you for trying to help me.  I have no router anymore.  I did have a wi-fi router, but after I got this computer it wouldn't work anymore, so I stopped using it.  It was barely over a year old, and the company that manufactured it wanted money to get it to work.  I really don't need it anymore, so I just said forget it.  So I have no router now.  I only have a wired modem. 

 

Last night I put the computer to sleep, instead of shutting it down.  I saw the activity light flashing.  So I presumed someone was trying to ping my computer, so I shut the computer down.  This is worrisome to me. I am supposed to keep this new modem running for 10 days.  Why that is supposed to help, I do not know.  Anyway,  most likely unless they are a dedicated hacker, they won't get through.  But it is aggravating.  I just want this as secure, as I can set it to be. 



#14 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:05 PM

Posted 10 September 2015 - 12:58 PM

Do you know how to ping your machine from another machine on the Internet?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#15 kelkay

kelkay
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:05 AM

Posted 10 September 2015 - 01:03 PM

I went to a site that does multiple firewall tests for security.  I do not know how to do a ping test any other way. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users