ICMP Echo Reply rules behavior

Case 1. I have a global ruleset that allows all outgoing IP traffic and blocks everything else. I also have an application ruleset for ping.exe that allows outgoing ICMP “Echo Requests” and blocks everything else. There is no global or application rule that would allow incoming ICMP “Echo Replies”. My CFP is in the Custom Policy Mode. Despite all this, I can ping remote hosts; the echo replies are coming through.

I can specifically create the “Block incoming ICMP “Echo Reply”” rule in the global and application rulesets, and the ping still works.

Case 2. I have a global ruleset that allows incoming ICMP “Echo Requests” but specifically blocks outgoing ICMP “Echo Replies”. Despite this, a remote host can ping me.

Why are the “Block ICMP “Echo Replies”” rules ignored in these cases?

Does CFP treat ICMP as a connection-oriented protocol, automatically allowing echo replies to come through because echo requests were allowed to be sent to a particular host?

If it does, what is the point of having “ICMP Echo Reply” in the ICMP message list? There is no way you can create a working rule with this option, is there?
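The behaviour the post describes is what a stateful (connection-tracking) engine produces: an allowed echo request creates a flow entry, and the matching reply is admitted on that entry before the ordinary rulesets are consulted, so a “block Echo Reply” rule never sees it. The model below is an added example, not Comodo's code, and the thread does not confirm that CFP works this way; it assumes a conntrack-style engine that keys ICMP echo flows on (local address, remote address, ICMP identifier), as Linux nf_conntrack does. Addresses, identifiers and rules are constructed for the illustration. It also shows what such a rule is still good for: a reply that no tracked request accounts for does hit the block rule.

```python
"""Model of stateful ICMP echo handling (added example, hypothetical engine).

Assumed behaviour: every allowed echo request is recorded as a flow keyed on
(local address, remote address, ICMP identifier); an echo reply whose key
matches a recorded flow is allowed before any ruleset is consulted.  This is
how Linux nf_conntrack tracks ICMP echo; whether CFP behaves identically is
the poster's open question, not something this model proves.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ECHO_REPLY, ECHO_REQUEST = 0, 8


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (remote -> local) or "out" (local -> remote)
    src: str
    dst: str
    icmp_type: int
    icmp_id: int        # ICMP echo identifier (ping sets this per process)
    seq: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    direction: str              # "in", "out" or "any"
    icmp_type: Optional[int]    # None = any ICMP type


class StatefulFirewall:
    def __init__(self, rules: List[Rule], stateful: bool = True):
        self.rules = rules
        self.stateful = stateful
        self.flows = set()      # keys of echo requests that were allowed
        self.log = []           # (packet, verdict, reason) for inspection

    def _flow_key(self, pkt: Packet) -> Tuple[str, str, int]:
        # Normalise to (local, remote, id) so a request and its reply
        # produce the same key regardless of direction.
        if pkt.direction == "out":
            return (pkt.src, pkt.dst, pkt.icmp_id)
        return (pkt.dst, pkt.src, pkt.icmp_id)

    def _ruleset_verdict(self, pkt: Packet) -> str:
        # First matching rule wins; no match means default deny.
        for rule in self.rules:
            if rule.direction not in ("any", pkt.direction):
                continue
            if rule.icmp_type is not None and rule.icmp_type != pkt.icmp_type:
                continue
            return rule.action
        return "block"

    def process(self, pkt: Packet) -> str:
        key = self._flow_key(pkt)
        # State check comes BEFORE the rulesets: this is why an explicit
        # "block Echo Reply" rule never fires for a solicited reply.
        if self.stateful and pkt.icmp_type == ECHO_REPLY and key in self.flows:
            self.log.append((pkt, "allow", "reply to tracked request"))
            return "allow"
        verdict = self._ruleset_verdict(pkt)
        if verdict == "allow" and pkt.icmp_type == ECHO_REQUEST:
            self.flows.add(key)     # remember the request so its reply matches
        self.log.append((pkt, verdict, "ruleset"))
        return verdict


LOCAL, REMOTE = "192.0.2.10", "198.51.100.1"   # constructed addresses


def case1(stateful: bool = True) -> Tuple[str, str]:
    """Outgoing request allowed, incoming reply explicitly blocked."""
    fw = StatefulFirewall([Rule("allow", "out", ECHO_REQUEST),
                           Rule("block", "in", ECHO_REPLY)], stateful)
    req = Packet("out", LOCAL, REMOTE, ECHO_REQUEST, 0x1234, 1)
    rep = Packet("in", REMOTE, LOCAL, ECHO_REPLY, 0x1234, 1)
    return fw.process(req), fw.process(rep)


def case2(stateful: bool = True) -> Tuple[str, str]:
    """Incoming request allowed, outgoing reply explicitly blocked."""
    fw = StatefulFirewall([Rule("allow", "in", ECHO_REQUEST),
                           Rule("block", "out", ECHO_REPLY)], stateful)
    req = Packet("in", REMOTE, LOCAL, ECHO_REQUEST, 0x0042, 7)
    rep = Packet("out", LOCAL, REMOTE, ECHO_REPLY, 0x0042, 7)
    return fw.process(req), fw.process(rep)


def unsolicited_reply() -> str:
    """A reply with no tracked request: the block rule does apply."""
    fw = StatefulFirewall([Rule("allow", "out", ECHO_REQUEST),
                           Rule("block", "in", ECHO_REPLY)])
    return fw.process(Packet("in", REMOTE, LOCAL, ECHO_REPLY, 0xBEEF, 1))


if __name__ == "__main__":
    print("case 1, stateful engine :", case1())
    print("case 1, stateless engine:", case1(stateful=False))
    print("case 2, stateful engine :", case2())
    print("unsolicited reply       :", unsolicited_reply())
```

Running the stateless variant is the control: with no flow table the same rulesets do block the replies, which is the behaviour the poster expected. Under the stateful model the only echo replies a block rule can ever stop are ones that no allowed request produced, for example a reply with a different identifier or from a host that was never pinged.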

With CFW3 installed and running, Gibson Research’s “Shields UP” testing failed my computer because it replied to an ICMP ping request.

Yet ping requests should be blocked because the first rule in CFW Firewall/Advanced/Global is “Block ICMP in from IP Any to IP Any where ICMP message is ECHO REQUEST”

Seems like that rule is not effective. I’d appreciate any help in truly stealthing my machine.

Does the log show an entry for the ping being allowed or blocked when you test it? If not then it could be your router responding, if you have one.

I second Jasper2408’s suggestion. I want to add that many DSL modems serve as NAT routers, often without users knowing that they have that capability. I have a Westell 2100 modem which is configured to use NAT, but has no capability of blocking ICMP 11 inbound, so it also beeps at Gibson.