How do I stop my PC from returning a "Ping"?

[Bill]

I just reloacted to AZ from FL and switched from Road Runner to
Comcast Cable,. Now according to GRC's ShieldsUP, the only flaw in my
Windows XP Home system is that it returns anonymous pings:

This is the error message I receive, Ping Reply: RECEIVED (FAILED),
Your system REPLIED to our Ping (ICMP Echo) requests, making it
visible on the Internet. Most personal firewalls can be configured to
block, drop, and ignore such ping requests in order to better hide
systems from hackers. This is highly recommended since "Ping" is among
the oldest and most common methods used to locate systems prior to
further exploitation.

Interestingly enough ShieldsUp did not report this problem when I was
with RR.

FWIW, I do have ZoneAlarm Pro, but have not fund any parameters I can
set to prevent my system from responding to these pings! How much of
a problem is this really, and what can I do to keep my systems from
responding to these pings?

TIA, Bill

 

[Colin Nash [MVP]]

It's a fairly minor "problem." Some would not even consider it a problem at
all.

Are you using a router or are you directly plugged to the cable modem? If
you have a router, then it is responding to the pings. The ShieldsUp site
is actually talking to your router, and your PC is safely hidden behind the
router.

ZoneAlarm Pro, in its default configuration, does block replies to "pings"
as far as I know. Unfortunately, I don't have it so I can't test that.

 

[Lanwench [MVP - Exchange]]

Hmmm, but "ping of death" attacks could be pretty major, should they occur!

I'd make sure inbound ICMP was blocked...along with *all* inbound ports not
absolutely needed (likely to be none on a home PC). I don't have ZA, but I
suggest to the OP that he/she look at the documentation/help files.

 

[Colin Nash [MVP]]

The "ping of death" (malformed ICMP packet causing freeze-up or bluescreen)
hasn't been a problem since 95/NT.

As for DoS attacks through sheer quantity of pings-- well the traffic is
arriving at the host regardless of whether the host is replying to it. On a
large enough attack it won't matter if the host is replying or not. It will
still be flooded. Plus, when was the last time someone orchestrated a
distributed DoS attack against a residential user?

Since a software firewall is already being used, it would be good idea to
make sure its doing its job. (Again, to the original poster: behind a
router it really doesn't matter what you tell ZoneAlarm to do, because the
router is the device that is actually assigned the public "Internet" IP
address that the ShieldsUp site communicates with. Unless the router has a
setting to ignore ICMP echo requests, you'll have to live with the minor
problem. Perhaps the previous Internet provider was blocking this traffic
before it even got to you.)


--
Colin Nash
Microsoft MVP
Windows Printing/Imaging/Hardware




"Lanwench [MVP - Exchange]"

 

[Lanwench [MVP - Exchange]]

Good points....

The "ping of death" (malformed ICMP packet causing freeze-up or
bluescreen) hasn't been a problem since 95/NT.

As for DoS attacks through sheer quantity of pings-- well the traffic
is arriving at the host regardless of whether the host is replying to
it. On a large enough attack it won't matter if the host is replying
or not. It will still be flooded. Plus, when was the last time
someone orchestrated a distributed DoS attack against a residential
user?

Since a software firewall is already being used, it would be good
idea to make sure its doing its job. (Again, to the original poster:
behind a router it really doesn't matter what you tell ZoneAlarm to
do, because the router is the device that is actually assigned the
public "Internet" IP address that the ShieldsUp site communicates
with. Unless the router has a setting to ignore ICMP echo requests,
you'll have to live with the minor problem. Perhaps the previous
Internet provider was blocking this traffic before it even got to
you.)



"Lanwench [MVP - Exchange]"

Hmmm, but "ping of death" attacks could be pretty major, should they
occur!

I'd make sure inbound ICMP was blocked...along with *all* inbound
ports not absolutely needed (likely to be none on a home PC). I
don't have ZA, but I suggest to the OP that he/she look at the
documentation/help files.

 

[Jim Carlock]

ZAP does stop ICMP packets from coming in. It does permit you
to send out packets and retrieve the incoming replies as well.

I would bet that he is behind a router, the router is getting the IP
address and using NAT to forward all information back to his
or her PC. The router probably can be set up to disable ICMP
packets, but sometimes that disables all outgoing packets, and
sometimes there's an option to drop incoming ICMP and permit
ICMP replies. It really depends upon the router/modem in use.

Sometimes DSL modems are configured with two IP addresses,
an internal IP address and an external IP address. I would imagine
that the same could be true for a cable modem as well. I just
haven't seen a cable modem like that yet.

--
Jim Carlock
http://www.microcosmotalk.com/
Post replies to the newsgroup.


"Lanwench [MVP - Exchange]"
Good points....

The "ping of death" (malformed ICMP packet causing freeze-up or
bluescreen) hasn't been a problem since 95/NT.

As for DoS attacks through sheer quantity of pings-- well the traffic
is arriving at the host regardless of whether the host is replying to
it. On a large enough attack it won't matter if the host is replying
or not. It will still be flooded. Plus, when was the last time
someone orchestrated a distributed DoS attack against a residential
user?

Since a software firewall is already being used, it would be good
idea to make sure its doing its job. (Again, to the original poster:
behind a router it really doesn't matter what you tell ZoneAlarm to
do, because the router is the device that is actually assigned the
public "Internet" IP address that the ShieldsUp site communicates
with. Unless the router has a setting to ignore ICMP echo requests,
you'll have to live with the minor problem. Perhaps the previous
Internet provider was blocking this traffic before it even got to
you.)



"Lanwench [MVP - Exchange]"

Hmmm, but "ping of death" attacks could be pretty major, should they
occur!

I'd make sure inbound ICMP was blocked...along with *all* inbound
ports not absolutely needed (likely to be none on a home PC). I
don't have ZA, but I suggest to the OP that he/she look at the
documentation/help files.

 

[Bill]

Yes, ZA does block pings, but it is in "ping blocking mode" yet I was
still getting the alert from GRC.

Comcast installed the WEP system here, but I believe it uses a router.
If ShieldsUp is seeing the router and that's no problem, I'm a happy
camper!

Thanks, Bill

 

[Bill]

Good information Colin, thanks!

Bill

 

[Jim Carlock]

<g> WEP? Hmm... I'm wondering what that means now. Another
acronym! Bahh! LOL I got it...

Windows Evolutionary Ping !
or...
Are you getting married? Cause if you are, that would explain the
acronym.


Web Engagement Product

--
Jim Carlock
http://www.microcosmotalk.com/
Post replies to the newsgroup.


Yes, ZA does block pings, but it is in "ping blocking mode" yet I was
still getting the alert from GRC.

Comcast installed the WEP system here, but I believe it uses a router.
If ShieldsUp is seeing the router and that's no problem, I'm a happy
camper!

Thanks, Bill

 

[Bill]

Hummm, now that you mention it, I'm not sure what it means either.
Comcast calls their wireless network a WEP, which probably means
Wireless E_____ P______ (fill in the blanks).

- Bill

 

[Frank le Spikkin]

Wireless E_____ P______

= Wired Equivalent Privacy
i.e. *designed* to give the same level of security/privacy for a
wireless network that you get on a wired network.

 

[Jim Carlock]

Thanks! One of those questions that you should know the
answer too but you never know. That seems like a strange
acronym. Weird.

--
Jim Carlock
http://www.microcosmotalk.com/
Post replies to the newsgroup.

Wireless E_____ P______

= Wired Equivalent Privacy
i.e. *designed* to give the same level of security/privacy for a
wireless network that you get on a wired network.