Ok. I checked those threads. They talk about ping requests not being blocked. I also went to Shields Up and failed the test because my ping wasn’t blocked. How can I fix this, and will the fix also stop the alerts I posted about? Thanks.
Counter that by creating a NetMon rule:
Permission: Allow
Protocol: ICMP
Direction: Out
Source IP: 192.168.1.96
Destination IP: 192.168.1.254
ICMP Details: Icmp Port Unreachable
Counter that by creating a NetMon rule:
Permission: Allow
Protocol: ICMP
Direction: In
Source IP: 192.168.1.254
Destination IP: 192.168.1.96
ICMP Details: Icmp Echo Request
Once created, move those rules above the last blocking all IP in & out rule. Ordering matters. First one has the highest precedence, last one has the lowest.
Is your modem also a router? It’s possible that Shields-Up scanned your router instead of your computer. Default rules should already protect from pings unless you created an allowed ICMP Echo Reply for incoming connections rule.
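The ordering advice above (the first matching rule wins, so the two Allow rules must sit above the final block-all rule), as an added example that is not part of the original thread and is not Comodo's code. It is a simplified first-match model in Python; the field encoding and the names `evaluate`, `covers` and `shadowed` are assumptions, while the addresses and ICMP types are the ones in the rules quoted in the post.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    action: str     # "Allow" or "Block"
    protocol: str   # "ICMP", or "IP" for any protocol
    direction: str  # "In", "Out" or "In/Out"
    src: str        # CIDR; "0.0.0.0/0" stands for Any
    dst: str
    icmp: str       # ICMP detail, or "Any"

class Packet(NamedTuple):
    protocol: str
    direction: str
    src: str
    dst: str
    icmp: str

ANY = "0.0.0.0/0"
PC, ROUTER = "192.168.1.96", "192.168.1.254"
ALLOW_UNREACH_OUT = Rule("Allow", "ICMP", "Out", PC + "/32", ROUTER + "/32", "Port Unreachable")
ALLOW_ECHO_IN = Rule("Allow", "ICMP", "In", ROUTER + "/32", PC + "/32", "Echo Request")
BLOCK_ALL = Rule("Block", "IP", "In/Out", ANY, ANY, "Any")

AS_ADVISED = [ALLOW_UNREACH_OUT, ALLOW_ECHO_IN, BLOCK_ALL]   # Allow rules above block-all
MISORDERED = [BLOCK_ALL, ALLOW_UNREACH_OUT, ALLOW_ECHO_IN]   # Allow rules below block-all

# Constructed sample packets matching the two rules from the post.
ROUTER_PING = Packet("ICMP", "In", ROUTER, PC, "Echo Request")
UNREACH_OUT = Packet("ICMP", "Out", PC, ROUTER, "Port Unreachable")

def evaluate(rules, pkt):
    """Return (action, index) of the first rule that matches; default is Block."""
    for i, r in enumerate(rules):
        if (r.protocol in ("IP", pkt.protocol)
                and pkt.direction in r.direction.split("/")
                and ip_address(pkt.src) in ip_network(r.src)
                and ip_address(pkt.dst) in ip_network(r.dst)
                and r.icmp in ("Any", pkt.icmp)):
            return r.action, i
    return "Block", None

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return (a.protocol in ("IP", b.protocol)
            and set(b.direction.split("/")) <= set(a.direction.split("/"))
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.icmp in ("Any", b.icmp))

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, b in enumerate(rules) if any(covers(a, b) for a in rules[:j])]
```

With the Allow rules above the block-all rule, both sample packets are allowed; with them below it, `shadowed` reports both Allow rules as unreachable.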
I don’t know if the modem is also a router but I can log into it. I didn’t see anything about echo or ping in the config of the modem. In Comodo, I have a rule which was there by default. It is…ALLOW ICMP OUT from IP (ANY) to IP (ANY) where ICMP is ECHO REQUEST.
Are you still receiving alerts in the log about the port unreachables or is that part resolved?
I don’t know why Shields Up! is failing you with pings because you don’t have any allowed incoming ICMP Echo Request rules except rule 6, but that’s just specific to your router and PC. :THNK
After adding rule 5 and 6, this fixed the first problem, thanks. But now I am getting an ICMP incoming alert from my “OUTSIDE IP” to my PC. It is a port unreachable alert. I am also still failing the Shields Up ping test. Thanks again for your help.
CFP default NetMon rules block ICMP port unreachables. Unless you do p2p or you don’t mind it, a lot of users prefer them to be blocked. In case you want to allow it:
Permission: Allow
Protocol: ICMP
Direction: In
Source IP: Any
Destination IP: Any (or your trusted network)
ICMP Details: Icmp Port Unreachable
Perhaps someone else (:NRD) enough might know why your PC is still accepting pings.
You’ve got a Network rule in CFP now to allow the ping between computer and router; if your router is configured to allow pings thru it, then it’s going to forward those on to your computer, which won’t know the difference between a ping from the router and one from the outside. Thus, it would be allowed there as well, and the test would be failed.
The router may automatically pass them thru. Personally, I’d not create rules to allow them; serves no purpose, IMO.
After all, they were blocked to begin with; if everything worked fine then, why add rules to allow the ICMP traffic? I’m not saying it’s a vulnerability, but why allow it if it’s not needed?
If you don’t want the log entries, just change the rules to Block instead of Allow, and don’t log.
But that’s just me. At any rate, that’s the only scenario that I see, whereby the GRC test would fail; the router has to be allowing the ping, and you’ve got rules to allow it in the FW to the router.
So you would not have added rules #5 and #6 from my screenshot? Even before I created those rules, the GRC test failed. I have a Westell DSL modem. If you know where I can turn the ping off there that will be great.
No, I wouldn’t add those rules. I see no purpose in it. It’s not going to improve performance in your situation (it might if it’s related to p2p usage, but not for casual day-to-day use), so… As I said before, though, that’s just me. I try not to Allow any traffic that I don’t absolutely need.
What model Westell modem do you have? Maybe we can find something…
Please go through there with a fine-toothed comb; I browsed thru and didn’t see anything about ICMP traffic. There may not be any controls over it; the interface is less detailed than a router, for sure. It actually looks very similar to my modem at home, as far as configurable options.
See what you can find in there. If you can’t find anything, I’d call the ISP and ask them about it.