Dropping ICMP echo request

I installed my Comodo firewall (64 bit version) on my Windows 7 64 bit system and went out to Gibson Research Center’s Shields Up site to test it.


While it told me that the ports were all closed, I got a message that I failed because my system responded to an ICMP echo request rather than simply dropping the packet.

How do I configure to drop ICMP echo requests from the Internet zone?


This question has been asked and answered a dozen of times these last weeks.

Rather then saying again the same thing, you might do an advanced search using the words “grc”, “grc.com”, “icmp ping” in order to see all that has been said on the subject.

-icmp requests and echo reply have to be blocked in the firewall global rules
-even with these settings, ping can’t be “stealthed” when using some routers: some have a setting to disable ping, some do not; in this configuration, what you would be testing is actually not the computer, but the router itself, and the 2 only ways to overcome it for testing purposes are to temporarily unplug the router and use a modem, or to set the router to dmz specifying the local ip of the tested computer.

Ping replies aren’t actually as dangerous as GRC would like you to believe anyway.

Yes, if someone happens to ping you, they will be able to tell your computer is online. However, port scans will fail. If a port scan doesn’t show an easy access point, the hacker will move on because it’s a waste of time to hammer away at your system hoping for a weakness when there are countless easier targets around.

I of course agree, and said elsewhere that institutionnal websites are by definition visible on internet, and nevertheless supposed to be protected.