    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 65k members.
    Security options?

    This is a discussion on Security options? within the Sky Router forums, part of the Sky Broadband help category.

    1. #1
      mrmojo is offline Sky User Member
      Please don't disable ping! Without this, MTU autodiscovery can't work and you're going to suffer from bad speeds on many routes. It's enabled for a reason -- there is utterly no reason to shut it off.


    3. #2
      Ratti3 is offline Sky User Member
      Router: Netgear V1 DG834GT
      Do you have any links to back up this claim?

      Thanks

      Taken from the Netgear router page itself:
      Respond To Ping On Internet Port

      If you want the DG834GT to respond to a 'Ping' from the Internet, click this check box. This can be used as a diagnostic tool. This can be a security problem. You shouldn't check this box unless you have a specific reason to do so.

    4. #3
      mrmojo is offline Sky User Member
      Well, Netgear's wrong in so much as it's a security problem, because it isn't. http://en.wikipedia.org/wiki/Maximum_transmission_unit says "RFC 1191 describes "Path MTU discovery", a technique for determining the path MTU between two IP hosts with a view to avoiding IP fragmentation. Path MTU discovery works by setting the DF (Don't Fragment) option in the IP headers of outgoing packets—any device along the path whose MTU is smaller than the packet will drop it, and send back an ICMP "Destination Unreachable (Datagram Too Big)" message containing its MTU, allowing the source host to reduce its assumed path MTU appropriately. The process repeats until the MTU is small enough to traverse the entire path without fragmentation."

      If you are blocking ICMP (which will be what it's doing when you block pings) then you've got no chance of getting the message to turn your MTU size down.
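
As an added illustration (not part of any post in this thread), the Python sketch below models the RFC 1191 exchange quoted above and compares three inbound ICMP filter policies on the sending host's side. The per-hop MTUs and the policy functions are constructed for the example and do not describe what the DG834GT's ping setting actually filters.

```python
# Added illustration, not code from the thread: a toy model of RFC 1191
# Path MTU discovery. Link MTUs and filter policies are constructed values.
ICMP_ECHO_REQUEST = (8, 0)   # what "ping" sends
ICMP_FRAG_NEEDED = (3, 4)    # Destination Unreachable (Datagram Too Big)

def forward(size, link_mtus):
    """Send one DF packet along the path. Return None if it arrives, else
    the ICMP error (type, code, next_hop_mtu) from the hop that drops it."""
    for mtu in link_mtus:
        if size > mtu:
            return (*ICMP_FRAG_NEEDED, mtu)
    return None

def discover_pmtu(link_mtus, inbound_allowed, start=1500, max_tries=8):
    """Sender-side PMTUD. inbound_allowed(type, code) is the sender's ICMP
    filter. Returns the learned path MTU, or None if the sender keeps
    retransmitting at a size that never gets through (a black hole)."""
    size = start
    for _ in range(max_tries):
        error = forward(size, link_mtus)
        if error is None:
            return size                  # crossed every hop unfragmented
        icmp_type, icmp_code, next_hop_mtu = error
        if inbound_allowed(icmp_type, icmp_code):
            size = next_hop_mtu          # RFC 1191: lower the estimate, retry
        # otherwise the error was filtered and the sender learns nothing
    return None

# Three hypothetical inbound ICMP policies.
def allow_all(icmp_type, icmp_code):
    return True

def drop_echo_request_only(icmp_type, icmp_code):
    return (icmp_type, icmp_code) != ICMP_ECHO_REQUEST

def drop_all_icmp(icmp_type, icmp_code):
    return False

if __name__ == "__main__":
    path = [1500, 1492, 1400]            # constructed per-hop MTUs
    for policy in (allow_all, drop_echo_request_only, drop_all_icmp):
        print(policy.__name__, "->", discover_pmtu(path, policy))
    # A fixed MTU chosen by hand needs no ICMP, but only if it fits the path.
    for fixed in (1458, 1400):
        print("fixed", fixed, "->", discover_pmtu(path, drop_all_icmp, start=fixed))
```

In this model, discovery stalls only when the type 3 code 4 error itself is filtered; a hand-set MTU avoids the dependency on ICMP only when it is no larger than the smallest link on the path.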

    5. #4
      Ratti3 is offline Sky User Member
      Router: Netgear V1 DG834GT
      Ok thanks I'll investigate, the default MTU sent by this router is 1500 and can be easily changed, I suggest a value of 1458. There are plenty of routers out there with the ping option deselected by default.

      Also if you read a bit further down the Wikipedia page you'll see why it's a security issue.

    6. #5
      NewsreadeR is offline Site Founder
      Router: Sagem F@ST 2504n
      moved till we can find out for definite




      ~ Never, ever, argue with an idiot. They'll drag you down to their level and beat you with experience ~


    7. #6
      mrmojo is offline Sky User Member
      Originally posted by Ratti3:
      "Ok thanks I'll investigate, the default MTU sent by this router is 1500 and can be easily changed, I suggest a value of 1458. There are plenty of routers out there with the ping option deselected by default.

      Also if you read a bit further down the Wikipedia page you'll see why it's a security issue."

      Are you referring to the DoS thing? If so, that's not a security issue that can be solved - it would only provide protection at the ISP level, not at your level, since these ping packets are still being pushed down your line clogging it up.

    8. #7
      Ratti3 is offline Sky User Member
      Router: Netgear V1 DG834GT
      It will be quite rare/infrequent when you have serious MTU related problems when routers on the internet will not accept the default 1500 size MTU. When this happens you will know that there is a problem as you will have problems accessing the site/service.

      At that point you can try and enable the ping option and see if that fixes your problem or set a lower default MTU, 1410 maybe?


      There is some info on MTU problems with the BT network back in 2003 which I believe has been sorted now:
      http://bbs.adslguide.org.uk/showthre...s&Main=2254961
      http://bbs.adslguide.org.uk/showthre...hs&Main=186041

      PS In case you're wondering how I came to the conclusion in the first paragraph, I asked a CCNA/MCSE expert at my workplace. Whether he is right or wrong I'll let you decide.

      Also when a PC is pinged by a hacker to see if it responds chances are he'll think there may be more weak spots and scan further. However the chance of finding you in the first place is like looking for a needle in a haystack, however it's still a risk.

    9. #8
      mrmojo is offline Sky User Member
      Oh well, I give up. ICMP is there for a reason and blocking it is stupid. Even if you disable ping the chances are that anyone with nmap will still be able to find even more important services on you. I have never heard of a hacker using ping when they can issue a proper nmap tcp scan and sort it out.

      So what you're basically saying is that to save yourself an absolutely inconsequential security risk you should get rid of a good feature which will avoid headaches in the future.

    10. #9
      Ratti3 is offline Sky User Member
      Router: Netgear V1 DG834GT
      It would be good if other people put their input on this.

      I have had this option disabled on my previous router for 3 years and never noticed any problems.

      But people can read what you have said and can decide if they want to turn that option off or not.

    11. #10
      SatDish is offline Site Founder
      Router: Non Sky Router
      I can't even find it on my router
      "To help would be a great adventure"

    SkyUser - Copyright © 2006-2017. SatDish and NewsreadeR | SkyUser is in no way affiliated with Sky Broadband / BSkyB