ICMP Ping constantly ticked--risk or not?

[CJ]

Hello,

I have Xp Home, SP2, and have tried security check with Gibson's
Research Website, which shows that I fail on the "ping" check, but am
secure for all other checks. (grc.com)

When I do to Windows firewall, I notice that ICMP tab has "allow ping"
checked, and I cannot un check this. I have a computer on a wireless
network downstairs, which is (hopefully secure) on a password enabled
network.

Is this why I cannot uncheck the IMCP ping box? Is it a risk please? I
don't recall having this problem before?

Thanks for any advice.

CJ--


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0607-2, 16/02/2006
Tested on: 18/02/2006 21:35:30
avast! - copyright (c) 1988-2005 ALWIL Software.
http://www.avast.com

 

[Steven L Umbach]

If you have the file and print sharing exception enabled on your firewall
then the ICMP allow incoming echo request is also enabled and can not be
disabled as long as the file and print sharing exception is enabled though
you should check to make sure that if it is enabled and you need it that it
only allows access from your network only in edit - change scope.

If you are connected to the internet and use cable or DSL and use an
"internet router" then the results would reflect a test of your internet
router in how it is acting to protect your network and they often have a
configuration setting to allow ping response or not. When possible I prefer
to disable ping responses for my internet router or firewall though if it is
not or can not be I don't consider much of a security risk if any. If that
is all that was found I would not be concerned if it is not possible for you
to disable it. Your wireless network could be at risk if you are using WEP
instead of WPA to secure wireless network traffic. Even when using WPA you
should use PSK of at least 15 characters in length and keep written copies
of it somewhere secure. --- Steve

 

[CJ]

If you have the file and print sharing exception enabled on your firewall
then the ICMP allow incoming echo request is also enabled and can not be
disabled as long as the file and print sharing exception is enabled though
you should check to make sure that if it is enabled and you need it that it
only allows access from your network only in edit - change scope.

If you are connected to the internet and use cable or DSL and use an
"internet router" then the results would reflect a test of your internet
router in how it is acting to protect your network and they often have a
configuration setting to allow ping response or not. When possible I prefer
to disable ping responses for my internet router or firewall though if it is
not or can not be I don't consider much of a security risk if any. If that
is all that was found I would not be concerned if it is not possible for you
to disable it. Your wireless network could be at risk if you are using WEP
instead of WPA to secure wireless network traffic. Even when using WPA you
should use PSK of at least 15 characters in length and keep written copies
of it somewhere secure. --- Steve








---
avast! Antivirus: Inbound message clean.
Virus Database (VPS): 0607-2, 16/02/2006
Tested on: 19/02/2006 15:54:38
avast! - copyright (c) 1988-2005 ALWIL Software.
http://www.avast.com

Steve

Thank you for this very thorough and detailed analysis.

Much appreciated.

CJ_--


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0607-2, 16/02/2006
Tested on: 19/02/2006 16:01:43
avast! - copyright (c) 1988-2005 ALWIL Software.
http://www.avast.com