I have just changed my previous modem/router
Since I use eMule I have always had a policy of “stealth on a per-case basis” for my ports, and until yesterday I had a perfect behaviour on GRCShieldsUp (PASSED) using my old modem/router (I think it used a Bridged connection)
Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .
Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to “counter-probe the prober”, thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since “Ping” is among the oldest and most common methods used to locate systems prior to further exploitation.
Since I am not so expert I am asking you what is the method to avoid that my router replies to those “ICMP Echo Requests”
The first one depends on your router make/model most of them have an option to block ping on the WAN interface, maybe click trough the settings or read the manual.
Second, the risk only risk is that someone who is looking for ‘active’ hosts to ‘attack’ knows your IP is live and responding, therefor it might be interesting to look for further security holes on that address, if you drop the packets and those that are only using ping-sweep to detect active hosts will probably skip your IP and move on to the next that does respond.
Basically ‘low’ risk, but in a multilayer security setup this is on of the things you could disable to make things harder for the ‘attacker person or infected machine looking to infect others etc’.
Unfortunately the only options I find are related to “Port Mapping” (language is Italian… sorry)
As you can see “Gestione Virtual Server” is “Virtual Server management” and the only Protocol Option that could fit is DMZ (?) that let you select “Any” ports (… i see *)
What is the drawback of using DMZ?
I read it has something to do to “Demilitarized…”
What kind of protocol is ICMP Echo Request?
What ports are addressed?
Most of the time they have put this option somewhere else, these are options to provide traffic trough the router (e.g. setup your pc for port-forward etc) not traffic TO the router.
Is there a “WAN” option or something that has to do with the external interface of this router? If you know make and model I could search online…
The model of the router (as you can see below) is “ADB Broadband - ADSL 2+ Wi-Fi N” and is the standard router that Italian Telecom gives you here in Italy.
“ADB Broadband” I see on Google that is a brand of Pirelli.
If I go in the Firewall tab and select “Activate” nothing changes with regard to “ICMP Echo Requests” (in fact it says that is “Base Protection / It blocks inward connections leaving unalterated DMZ, Virtual Server and Port Mapping configuration” (that’s the translation)
Is this thing connected via USB to your PC?
Can you verify the IP number on your PC and see if it is a private or public range number? If public it’s still bridging and the ping needs to be blocked by CIS.
I think this is a rebranded Star Net modem/router with a simplified interface. If you telnet to the ip address of the router it may tell you it’s from Star Net. If it is the same, the option to control inbound ‘Pings’ is usually under a menu heading something like ‘Advanced/Security’
I’ve attached a manual for a P.DG A4001N but it describes the full interface…
Open a command prompt and, assuming you haven’t disabled the telnet client, type:
telnet (the ip address of the router)
You should receive a login prompt, just use whatever details you use when you access the router via the browser.
Doing this may or may not tell you very much, but it may be possible, assuming you’ve explored all available options in the GUI to disable inbound PING requests, to manage this option via telnet. However, I’d suggest asking your ISP, if that’s who supplied the modem/router…