Best way to allow ICMP and be safe doing so

durango1

Hi, I was told a while back that it's best to turn off ICMP on the modem/router because it is a huge safety issue, and so it has been that way for a long time now.

But sometimes I play games like BF4 (Battlefield 4) and they send an ICMP request to show ping. Since I have ICMP blocked it shows "-" for my ping. And I get called a hacker or other names because they think I'm trying to hide something, which I am not.

So I went into my modem just now and I allowed ICMP on both traffic in and traffic out, and now the ping works.

However, now I am worried about security. What is the best way to do this to satisfy both needs?

thanks :)


UPDATE: Did some googling and I guess the good news is that the modem/router appears to only allow 8 ICMP, 0 ICMP, 11/0 ICMP, 11/1 ICMP, 30 ICMP

  1. 0 - Echo Reply (ping response)
  2. 8 - Echo Request (ping request)
  3. 11 - Time Exceeded
I don't know what 30 is... I guess it's traceroute.

So is that better and safer to leave it on?
 
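An added example, not part of the thread and not the router's own code: how a type/code allow-list like the one listed in the update above (0, 8, 11/0, 11/1, 30) decides on raw ICMP messages. The function names and sample messages are constructed for illustration, and treating types 0, 8 and 30 as "any code" is an assumption, since the post gives no codes for them.

```python
import struct

# Allow-list as reported in the post: types 0, 8 and 30, plus 11/0 and 11/1.
# None = any code (assumption: the post lists no codes for types 0, 8, 30).
ALLOWED = {0: None, 8: None, 11: {0, 1}, 30: None}
NAMES = {0: "Echo Reply", 8: "Echo Request", 11: "Time Exceeded",
         30: "Traceroute (RFC 1393, deprecated by RFC 6918)"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4,
               payload: bytes = b"") -> bytes:
    """Build a constructed ICMP message (sample input for the filter)."""
    body = rest + payload
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def verdict(message: bytes) -> str:
    """Return the accept/drop decision for one raw ICMP message."""
    if len(message) < 8:
        return "drop: truncated"
    if inet_checksum(message) != 0:      # a valid message checksums to zero
        return "drop: bad checksum"
    icmp_type, code = message[0], message[1]
    if icmp_type not in ALLOWED:
        return f"drop: type {icmp_type} not allowed"
    codes = ALLOWED[icmp_type]
    if codes is not None and code not in codes:
        return f"drop: type {icmp_type} code {code} not allowed"
    return f"accept: {NAMES[icmp_type]}"

if __name__ == "__main__":
    ping = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"constructed")
    samples = {
        "echo request": ping,
        "time exceeded 11/1": build_icmp(11, 1),
        "redirect 5/1": build_icmp(5, 1),               # not on the list
        "dest unreachable 3/4": build_icmp(3, 4),       # not on the list
        "corrupted ping": ping[:-1] + bytes([ping[-1] ^ 0xFF]),
    }
    for name, msg in samples.items():
        print(f"{name:22} -> {verdict(msg)}")
```
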
One of the major cornerstones of personal computer security is Attack Surface Reduction.

When an attacker's ping receives a reply, a live potential target has been revealed. Forget the blatherings of the ignorant and let your common sense prevail.

Cheers :)
 

Nowadays having ping enabled is not as huge a security risk as it once was. The security function it fulfills is making it a little harder for an attacker to know that a host is at that address, but that can be known by other means. For home use, the normal presence of a NAT router in front of the network plus the fact that there is rarely anything listening makes an attack unlikely.

It's all about a tradeoff, security vs convenience. I don't find it to be a great risk to have it enabled, but there are reasons to worry.
Have a look here for a better explanation of the implication of each option: network - Security risk of PING? - Information Security Stack Exchange
 
