Your forum username:
Do you already have an account?
Forgot your password?
  • Log in or Sign up


    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 63k members.


    Advertisement

    Results 1 to 6 of 6

    Turning Off Respond to Ping on Internet WAN Port?

    This is a discussion on Turning Off Respond to Ping on Internet WAN Port? within the Sky Router forums, part of the Sky Broadband help category; Saw this mentioned somewhere on another post and tried it on my system. It now passes all security tests on ...

    1. #1
      youravinalarrrf's Avatar
      youravinalarrrf is offline Sky User Beta tester
      Exchange: MYBD
      Broadband ISP: Sky Broadband Unlimited
      Router: Sky Hub SR101
      Sky TV: Sky+HD box
      Join Date
      Sep 2006
      Posts
      326
      Thanks
      0
      Thanked 0 Times in 0 Posts

      Turning Off Respond to Ping on Internet WAN Port?

      Saw this mentioned somewhere on another post and tried it on my system.

      It now passes all security tests on www.grc.com (selecting the Shields Up test utility) where it failed before due to pings.
      (Running Nod32, ZoneAlarm Pro, Ewido Anti-Spyware)

      Anybody know why Sky would have Respond to Ping on Internet WAN Port enabled by default on the router? and the consequences of turning it off?


    2. Advertisement
    3. #2
      dingdong's Avatar
      dingdong is offline Sky User Member
      Exchange:
      Broadband ISP: Max
      Router:
      Sky TV:
      Join Date
      Sep 2006
      Posts
      591
      Thanks
      0
      Thanked 0 Times in 0 Posts
      Responding to pings is not generally considered a security risk by the likes of symantec http://security.symantec.com - a ping in itself nerver hurt anyone

      There is almost certainly a need to respond to pings otherwise the option would not be there. Most routers also have this set by default to respond.

      I have mine on, becuase i see no problem with leaving it that way, but i may create problems if i turn it off.

    4. #3
      Amaboknaai's Avatar
      Amaboknaai is offline Sky User Member
      Exchange: 01276 Camberley
      Broadband ISP: Sky Fibre Unlimited Pro
      Router: Sky Hub SR101
      Sky TV: Sky+HD box
      Join Date
      Aug 2006
      Location
      Copped Hall
      Posts
      227
      Thanks
      0
      Thanked 0 Times in 0 Posts
      By leaving it on, you can be the very unlucky recipient of a DOS (Denial of Service) attack. Lovely people, usually fools who are called hackers/phrackers write a script which will continually ping an IP address. This is an "intelligent" script which is (usually) sent out to hijacked pcs which all continually ping your WAN IP address. This is called a "ping flood" and it causes your connection to the 'Net to crash, since the amount of traffic attempting to ping your IP address overloads your router.

      There is no reason to have it turned on, other than to check your ping times from an external IP. Once you have done that and got some meaningless stats, turn it off...

      Leaving it on is not classed as a Security Risk, but unless you are running an industrial strength commercial router in a DMZ (which the Netgear DG834GT is certainly not) you will leave yourself open to this potential attack.
      Last edited by Amaboknaai; 29-09-06 at 11:50 AM.

    5. #4
      dingdong's Avatar
      dingdong is offline Sky User Member
      Exchange:
      Broadband ISP: Max
      Router:
      Sky TV:
      Join Date
      Sep 2006
      Posts
      591
      Thanks
      0
      Thanked 0 Times in 0 Posts
      OK thanks for that, i will turn it off. But i doubt anyone would really want to ping me out of existance (with the exception of satdish perhaps )

      You would soon detect it anyway.

      So what is the DOS protection for then on the Netgear?

    6. #5
      Amaboknaai's Avatar
      Amaboknaai is offline Sky User Member
      Exchange: 01276 Camberley
      Broadband ISP: Sky Fibre Unlimited Pro
      Router: Sky Hub SR101
      Sky TV: Sky+HD box
      Join Date
      Aug 2006
      Location
      Copped Hall
      Posts
      227
      Thanks
      0
      Thanked 0 Times in 0 Posts
      Not being an authority on Netgear's DOS protection, but, in all likelihood, it is a Linux utility stored in the VRAM of the router which will try and stop a ping flood by intercepting ping requests and killing the local respond to ping service. Normally this service will restart on rebooting the router if it enabled. Good security models turn off all services which are not required for normal service - by default, ICMP is disabled on firewalls in this model - seeing as though this device is a type of firewall, the recommendation would be to turn it off. Removing the temptation is better than resisting the temptation...!
      Last edited by Amaboknaai; 29-09-06 at 01:32 PM.

    7. #6
      ZZDave's Avatar
      ZZDave is offline Sky User Member
      Exchange: Hove SDHV
      Broadband ISP: Base
      Router:
      Sky TV:
      Join Date
      Aug 2006
      Location
      Brighton
      Posts
      27
      Thanks
      0
      Thanked 0 Times in 0 Posts
      In another discussion on another forum, the point was made that if you set ping response off, a ping request will get a "Host Unreachable" report returned, more-or-less confirming that there is a host at that address; whereas if your router was turned off or disconnected, the ping request would simply time out... so you might as well leave ping response turned on.

      ZZDave

     

     

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •  
    SkyUser - Copyright © 2006-2014. SatDish and NewsreadeR | SkyUser is in no way affiliated with Sky Broadband / BSkyB
    RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION | SEO by vBSEO