Re: How do I stop my PC from returning a "Ping"?

From: Jim Carlock (anonymous_at_10.10.com)
Date: 02/29/04 

Date: Sun, 29 Feb 2004 11:09:08 -0500

ZAP does stop ICMP packets from coming in. It does permit you
to send out packets and retrieve the incoming replies as well.

I would bet that he is behind a router, the router is getting the IP
address and using NAT to forward all information back to his
or her PC. The router probably can be set up to disable ICMP
packets, but sometimes that disables all outgoing packets, and
sometimes there's an option to drop incoming ICMP and permit
ICMP replies. It really depends upon the router/modem in use.

Sometimes DSL modems are configured with two IP addresses,
an internal IP address and an external IP address. I would imagine
that the same could be true for a cable modem as well. I just
haven't seen a cable modem like that yet. 

-- 
Jim Carlock
http://www.microcosmotalk.com/
Post replies to the newsgroup.
"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:uF2R5xt$DHA.1464@tk2msftngp13.phx.gbl...
Good points.... :-)
Colin Nash [MVP] wrote:
> The "ping of death" (malformed ICMP packet causing freeze-up or
> bluescreen) hasn't been a problem since 95/NT.
>
> As for DoS attacks through sheer quantity of pings-- well the traffic
> is arriving at the host regardless of whether the host is replying to
> it.  On a large enough attack it won't matter if the host is replying
> or not.  It will still be flooded.  Plus, when was the last time
> someone orchestrated a distributed DoS attack against a residential
> user?
>
> Since a software firewall is already being used, it would be good
> idea to make sure its doing its job.  (Again, to the original poster:
> behind a router it really doesn't matter what you tell ZoneAlarm to
> do, because the router is the device that is actually assigned the
> public "Internet" IP address that the ShieldsUp site communicates
> with.  Unless the router has a setting to ignore ICMP echo requests,
> you'll have to live with the minor problem.  Perhaps the previous
> Internet provider was blocking this traffic before it even got to
> you.)
>
>
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
> message news:eVY9wOo$DHA.2520@TK2MSFTNGP11.phx.gbl...
>> Hmmm, but "ping of death" attacks could be pretty major, should they
>> occur!
>>
>> I'd make sure inbound ICMP was blocked...along with *all* inbound
>> ports not absolutely needed (likely to be none on a home PC). I
>> don't have ZA, but I suggest to the OP that he/she look at the
>> documentation/help files. :-)
>>
>> Colin Nash [MVP] wrote:
>>> It's a fairly minor "problem."  Some would not even consider it a
>>> problem at all.
>>>
>>> Are you using a router or are you directly plugged to the cable
>>> modem?  If you have a router, then it is responding to the pings.
>>> The ShieldsUp site is actually talking to your router, and your PC
>>> is safely hidden behind the router.
>>>
>>> ZoneAlarm Pro, in its default configuration, does block replies to
>>> "pings" as far as I know.  Unfortunately, I don't have it so I can't
>>> test that.
>>>
>>>
>>>
>>> "Bill" <NoSpam@NoSpam.Com> wrote in message
>>> news:lmn2401o13heo7e7fkus318orqr5o76a95@4ax.com...
>>>> I just reloacted to AZ from FL and switched from Road Runner to
>>>> Comcast Cable,.  Now according to GRC's ShieldsUP, the only flaw in
>>>> my Windows XP Home system is that it returns anonymous pings:
>>>>
>>>> This is the error message I receive, Ping Reply: RECEIVED (FAILED),
>>>> Your system REPLIED to our Ping (ICMP Echo) requests, making it
>>>> visible on the Internet. Most personal firewalls can be configured
>>>> to block, drop, and ignore such ping requests in order to better
>>>> hide systems from hackers. This is highly recommended since "Ping"
>>>> is among the oldest and most common methods used to locate systems
>>>> prior to further exploitation.
>>>>
>>>> Interestingly enough ShieldsUp did not report this problem when I
>>>> was with RR.
>>>>
>>>> FWIW, I do have ZoneAlarm Pro, but have not fund any parameters I
>>>> can set to prevent my system from responding to these pings!  How
>>>> much of a problem is this really, and what can I do to keep my
>>>> systems from responding to these pings?
>>>>
>>>> TIA, Bill

Relevant Pages

  • Re: Solaris 10 IP Multipathing
    ... for obscure CPU spikes which drop ICMP echo packets and lead to ICMP failovers ... All ping targets must be in the same subnet as the primary interface. ... Since the default router is used as the first target, ...
    (comp.unix.solaris)
  • Re: Solaris 10 IP Multipathing
    ... disabled ICMP due to ping floods etc. ... Your point about setting up the ping list is a very good one. ... Since the default router is used as the first target, ...
    (comp.unix.solaris)
  • Re: Cant ping yahoo.com
    ... Have a wander through your router configuration, looking for 'ICMP', which is the protocol used by the ping and tracert commands, but not by DNS servers or web browsers. ...
    (microsoft.public.windows.server.sbs)
  • Re: Cant ping local computers
    ... >>Internet without any problems via a router connected to a DSL modem. ... They cannot ping each other. ... > Check to make that each Linux box does not have a firewall setup that blocks ... arping uses arp packets instead of icmp packets. ...
    (comp.os.linux.networking)
  • Re: Cant get home net work wizard to work
    ... PLEASE post all messages and replies in the newsgroups ... > I am trying to set a up a home net work using 2 pcs and a wired router / ... > pc one can ping the router and but not pc 2 ...
    (microsoft.public.windowsxp.network_web)