Author Topic: Blocking ping reply  (Read 6160 times)
speedosurfer
« on: July 21, 2008, 06:32:53 AM »

How can I block ICMP ping reply? Comodo received a ping request and replied to it; after that my anti-malware was continuously blocking a malware attack. Comodo doesn't work correctly; ping reply must always be blocked. I have blocked many ICMP, but I don't like it that Comodo replies to a ping. How do I block this?
Logged
Vettetech
Guest
« Reply #1 on: July 21, 2008, 07:14:15 AM »

First of all, it would help if you tell us what version of Comodo you are using so you can post this in the appropriate place. Also, are you behind a hardware firewall?
Logged
speedosurfer
« Reply #2 on: July 23, 2008, 01:02:19 AM »

Hello Vettetech,

I use Comodo Firewall 3.0.25.378, Avira Premium antivirus and Spyware Terminator. I received a mail from the support of my router; see the message here:

-----------------------------------------------------------------------------------------------------------------------------------------------
ICMP - Ping response

Thank you very much for your enquiry.

The response of ICMP requests by the public IP address of the FRITZ!Box
cannot be deactivated and does not pose a security risk!

The response of ICMP requests is technically useful as ICMP packets are
used by certain TCP/IP services (e.g. FTP connections or online games) in
order to verify the connection to the client. This can lead to
interferences of these TCP services when no or no useful reply is
returned. Therefore, it is not intended to completely disable the reply of
ICMP packets.

Incoming ICMP queries do not pose a security threat to the connected
computers connected to the FRITZ!Box as they are only directed to the
public IP address of the FRITZ!Box and cannot be answered by the connected
computers but only by the FRITZ!Box itself.
------------------------------------------------------------------------------------------------------------------------------------------------
When I do a test at www.grc.com, Comodo fails to protect me against the ping reply, so for a hacker this means "hello, I am here". What can I do?

regards,

Marco
Logged
Vettetech
Guest
« Reply #3 on: July 23, 2008, 03:13:17 AM »

Ok, Spyware Terminator is bloated junk and not needed. Secondly, I take it a FritzBox is your modem. Does it have a hardware firewall? You need to be sure of this. Check the manufacturer's site. If it does not, then simply run the stealth port wizard that comes with Comodo. Go to the Firewall tab and click on Stealth Port Wizard. Select the option to "block all incoming connections". So uninstall Spyware Terminator since you have Avira, which covers your spyware. Also, Spyware Terminator has HIPS, which is not needed cause Comodo covers that. You need to be sure and find out if your modem has a hardware firewall cause Shields Up checks that first. With a properly configured hardware firewall you can pass Shields Up without Comodo, such as in my 2Wire Gateway DSL modem. You need to get into your hardware firewall settings.
« Last Edit: July 23, 2008, 03:15:05 AM by Vettetech » Logged
doktornotor
« Reply #4 on: July 26, 2008, 04:58:58 AM »

There's absolutely no point in blocking ping/pong (ICMP echo request/echo reply). It only causes trouble with remote troubleshooting of problems (e.g. when you call your ISP about connection problems, they'll try to ping the IP assigned to you and check whether it's at least connected or not; blocking it can give a completely false impression about the cause of the issue).

Blocking ICMP type 8/0/11 (echo request/reply/time exceeded) gives virtually no additional security and is harmful... It's exactly as useless as setting ESSID broadcast to disabled on wireless. The infamous "explanation" about ICMP on GRC's Shields Up is something that makes me angry every time.
Logged
Vettetech
Guest
« Reply #5 on: July 26, 2008, 05:05:30 AM »

I have had echo ping blocked for years with no problems whatsoever.
Logged
speedosurfer
« Reply #6 on: July 26, 2008, 08:20:26 AM »

Hello Vettetech,

I have spoken with an engineer from Fritz, and my modem/router has a hardware firewall. The settings can't be changed; there is no way that a user can. They told me that the router is tuned for safe usage and that there is no reason to block ICMP fully. They agreed that a hacker can use the ping reply if you are there, and that is just my concern: for security reasons a router or firewall must not react to these issues.
So I must live with the explanation of Fritz. Why is Spyware Terminator bloated software? Avira Premium sometimes misses malware; Search Assistant Zango was not detected, and the firewall also fails to detect the malware processes, and even BOClean does nothing.
Logged
Vettetech
Guest
« Reply #7 on: July 26, 2008, 08:25:35 AM »

Ok, so what's your problem? Avira Premium is one of the best AV's out there. Look how much RAM Spyware Terminator is using. You do not need it. It is bloated junk. Ask anyone on here. Ask Josh the modder. What malware are you referring to? If you had malware in your PC before Comodo, then Comodo will assume everything in your PC is clean. So you mean you were running Avira, BOClean, Spyware Terminator and Comodo all in real time?
« Last Edit: July 26, 2008, 08:31:46 AM by Vettetech » Logged
3xist
Guest
« Reply #8 on: July 26, 2008, 08:42:07 AM »

Hello,

Running Spyware Terminator & CFP 3 together is a bad idea because they are both HIPS, and CFP 3 is more effective in fighting malware and has the better HIPS. ST does consume a lot of RAM... I don't think you need it personally, but hopefully uninstalling it will bring some light out; if not, let us know...

Cheers,
Josh
Logged
doktornotor
« Reply #9 on: July 26, 2008, 08:49:59 AM »

Quote: "When I do a test at www.grc.com, Comodo fails to protect me against the ping reply, so for a hacker this means "hello, I am here". What can I do?"

Once again, GRC gets ping/pong completely wrong, see RFC 1122:


3.2.2.6 Echo Request/Reply: RFC-792
Every host MUST implement an ICMP Echo server function that receives Echo Requests and sends corresponding Echo Replies. ... An ICMP Echo Request destined to an IP broadcast or IP multicast address MAY be silently discarded.


Killing ICMP causes real-world trouble, unlike the imaginary "wow t3h noes, I'm visible and hackers will get me" nonsense published by GRC on Shields Up, upsetting almost all users who have no clue about real security and have been recommended to use Shields Up as a way to test their firewall.

P.S. Comodo doesn't fail to protect you, it doesn't even receive those packets. And the Fritz!Box thing isn't a blackbox, it's configurable via web interface (and probably telnet as well). No idea whether they make it possible or not to disable ICMP echo request/reply, check the supplied documentation.  Disabling this is in breach of RFC 1122 requirements.

Logged
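
The Echo server function from the RFC 1122 section quoted above, worked over raw ICMP bytes. This is an added example, not part of the original thread; the function names and the sample packet are constructed for illustration, and the checksum is the standard Internet checksum (RFC 1071).

```python
import struct

# ICMP types named in this thread: 8 = echo request, 0 = echo reply, 11 = time exceeded
ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 8, 11
NAMES = {0: "echo reply", 8: "echo request", 11: "time exceeded"}

def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length messages
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo request or reply with a correct checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(msg: bytes) -> dict:
    """Decode the 8-byte ICMP header (id/seq are only meaningful for echo types)."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": icmp_type, "name": NAMES.get(icmp_type, "other"),
            "code": code, "id": ident, "seq": seq, "payload": msg[8:],
            # summing a valid message including its checksum field yields 0
            "checksum_ok": inet_checksum(msg) == 0}

def echo_server(msg: bytes, dst_is_broadcast: bool = False):
    """Return Echo Reply bytes for a valid Echo Request, else None."""
    m = parse_icmp(msg)
    if m["type"] != ICMP_ECHO_REQUEST or m["code"] != 0 or not m["checksum_ok"]:
        return None                          # not a well-formed echo request
    if dst_is_broadcast:
        return None                          # RFC 1122: MAY be silently discarded
    # The reply carries the same identifier, sequence number and data.
    return build_echo(ICMP_ECHO_REPLY, m["id"], m["seq"], m["payload"])

if __name__ == "__main__":
    request = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"constructed-ping-payload")
    print(parse_icmp(echo_server(request)))
```
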
doktornotor
« Reply #10 on: August 04, 2008, 11:51:50 AM »

GRC's Shields Up! and "true stealth" - firewall test or harmful FUD - my personal rant on GRC's way of firewall setup testing.
Logged