Block Ping (ICMP ECHO) Requests

[Guest]

[wernschmd]

How can I configure Comodo to block, drop and ignore ping (ICMP Echo) requests?

[panic]

How can I configure Comodo to block, drop and ignore ping (ICMP Echo) requests?

G'day, In Network Monitor, click the ADD button. In the NEtwork Control Rule window, set the following parameters;

Action : BLOCK
Protocol : ICMP
Direction : IN
Source IP : ANY
Destination IP : ANY
ICMP Details : Message = ICMP Echo Request

Click OK and move the newly created rule ABOVE the catch all BLOCK rule (usually locted at the bottom of the list).

Hope this helps,
Ewen :-)

[snowflakebeach]

Seems to leak here when I test it against www.grc.com "Shields Up" scanner. Test it yourself, drop your routers firewall and set your Comodo up as you describe and run grc.com "Shields Up" against it, it will fail to block the interrogation as below:

"Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet."

I'd like to hear your results.

[panic]

It isn't sufficient to just disable your routers firewall. To make Shields Up test a personal firewall running behind a router, you have to port forward all the ports you want tested to a particular IP inside your LAN.

Turning the routers firewall off doesn't mean it won't respond to Shields Up, just that it won't filter packts.

Cheers,
Ewen :-)

[orlin]

Seems to leak here when I test it against www.grc.com "Shields Up" scanner. Test it yourself, drop your routers firewall and set your Comodo up as you describe and run grc.com "Shields Up" against it, it will fail to block the interrogation as below:

"Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet."

I'd like to hear your results.

Indeed, I would like to learn how to block/drop/ignore ping requests in order to better hide my system from hackers.
Quoting www.grc.com "Shields Up": "... Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation..."
I was not able to find any help to do the ping request blocking in my Comodo Firewall Pro v. 2.4.18.184.
Thanks!

orlin

[orlin]

so sorry, I already found help right here thanks a lot panic!
will go try Shields-up again now ...

[Teletype]

Hi Panic,

I still can't block the ping from GRC (I made the rule as you suggested).
Any help would be appreciated.

Thanks.

[panic]

Are you behind a router? If so, the router is what is responding to the ping request from ShieldsUp, not your PC.

Ewen :-)

[Teletype]

It isn't sufficient to just disable your routers firewall. To make Shields Up test a personal firewall running behind a router, you have to port forward all the ports you want tested to a particular IP inside your LAN.

Turning the routers firewall off doesn't mean it won't respond to Shields Up, just that it won't filter packts.

Hello Panic,

Yes, I am behind a router. So here is what I did:

1. I connected the computer directly to the DSL MODEM, thus bypassing the router.
2. Went over to GRC's ShieldsUP, and it was still able to PING my system
3. Read over your recommendation for "Port Forwarding", and I must say that I have never done that (i.e., it requires more research on my part)

Two questions:

1. Exactly what are the implications of forwarding all those ports (aside from not getting PING'd)?

2. It seems as if it's too much of a hassle to re-map all those ports to accomplish this simple task. Is there an easier, more elegant way of accomplishing this?

Thanks.

[panic]

G'day,

It is possible that your modem is responding to the the ping request. To test if your your modem or your PC is responding, do the following;

1. clear your firewall logs (this is just to make it easier to identify the ping response when and if it occurs)
2. change the "ping blocking" rule to "Allow and Log"
3. move it to the top of your rules list
4. connect to the internet and retest at ShieldsUp
5. after testing (assuming ShieldsUp reports your system responded), check the firewall logs and see if it recorded a ping response
6. if there was no entry in the logs but ShieldsUp reported a response, it can only be your modem responding
7. if there was an entry, change the "Allow and Log" rule back to "Block" and retest

Let us know how this goes.

Cheers,
Ewen :-)

[Teletype]

Ewen, your guess was right.

There was no entry relating to ICMP in the Comodo logs, yet the GRC site issued its "FAILED" status once again after I rerun the test. The culprit is clearly the DSL MODEM itself, and I'm back to square one.

1. By the way, have you had any luck with masking the PINGs after forwarding your ports?

2. Is the effort worth it?

Thanks again.

[Jen]

I can't seem to get this to work right,I don't know which application path to choose,and I can't find the rule to move the new rule above.

[Teletype]

Finally !     

Jen & all,

Looks like the latest Comodo Firewall (version 3) has a Stealth Ports Wizard that does this job with just one click!

Simply open the Comodo firewall, click on the Firewall button (up on top), and then click on the Stealth Ports Wizard.

I chose the last entry: "Block all incoming connections - stealth my ports to everyone".
When I went to GRC's website and tried its ShieldsUp, all my ports were stealthed!

YES !

Teletype

[Vettetech]

It took you over a year to figure this out? Wow.

[Teletype]

It took you over a year to figure this out? Wow.

You should understand that not everyone has the luxury to spend their time reading detailed "CHANGE LOGS" for every piece of software that they have running on their system everytime the software vendor release a new version!

I had almost completely given up on the idea of stealthing the ICMP port for ping requests thinking that it was an issue with the router. It's very nice that Comodo FW is taking care of this issue for me as it means less tweaking of the hardware on my side!

[Tags:]