Question about ping, the security risk.

[Guest]

[aweir14150]

My friend is on a dialup connection. He is running another  firewall (I'd rather not mention their name), I was banned from their site for mentioning Comodo and I can no longer post there. They filter out the names of most of their competitors with a "** beep **" so you can't even mention them.   

There is options to allow incoming/outgoing ping, icmp and other igmp.

I have allowed all of these incoming/outgoing ping, icmp, igmp to minimize any conflict with his ISP. The question: is it really unsafe to allow incoming pinging? I mean who cares if a hacker can ping you, right? If you're ports are stealthed, what's the difference?  And besides dialup ISPs hate it when you block their pings!

At first he was blocking ping and his ISP kept disconnecting him, so I allowed it...now it works fine but is it a security risk?

[kail]

Hi aweir14150

Sorry about your banning in the other forums.

Right.. pings. Whilst it will confirm to any potential hacker that a computer is indeed connected to that IP, it is not in self an explicit security risk. After all, IPs that are silent and return nothing also indicate that a computer present & that some sort of firewall is running. So, in summary.. IMHO, you are not at any additional risk by allowing pings. In fact, you might even look like something else, other than a PC running Windows.

[kail]

Additionally, your friend could always define rules to only allow his ISP to perform pings. That might help.

[aweir14150]

I was planning on doing that. How would I find out what IP address I need to allow the pings from?

If I did an "ipconfig /all" would that tell me? Wouldit be their DHCP server or something else?


Thanks

[kail]

It would tell you the gateway server, etc.. if you're connected at the time. But, the keep-alive ping (if that's what it is) could come from anywhere. The best thing to do, would be to block all pings.. monitor the blocks & use that to determine which IP you need to allow. A suck-it-and-see process. 

[aweir14150]

Thank you. So the best thing to do would be to monitor the logs at the time of the disconnection and then create a firewall rule allowing the source dns or IP address to be more specific. This would work for any firewall I suppose including Comodo?

[kail]

Of course, asking the ISP directly might be easier. And, yes.. I assumed that we were not talking about CFP here. But, it should work with any firewall that can block, log & allows you to create customised rules.

[Tags:]