fvmb

Members
  • Posts

    8

Kudos

  1. Upvote
    fvmb gave kudos to itman in Ping ICMP Echo Reply Rule   
    Personally, I never was concerned about unsolicited incoming echo reply request since my router's firewall blocks them by default.
    As far as Eset goes, I have it set to defaults in regards to Known Networks; i.e. use Windows Settings. The Win firewall is set to Public profile.
    Also for the record, the Eset default inbound firewall rule for ICMP IPv4 does not specify Trusted Networks in its Remote setting field. This would be the proper setting for the other ICMP protocol settings other than Echo Reply. Bottom line - you have a bug in that default ICMP rule. -EDIT- Actually, it doesn't matter if external incoming echo reply requests are allowed since Eset will only allow corresponding outgoing echo response requests from the Trusted Network. The only concern would be an ICMP flood attack which Eset's IDS will detect and alert.
  2. Upvote
    fvmb gave kudos to Marcos in Ping ICMP Echo Reply Rule   
    By default echo to ping from outside trusted zones should be blocked. Please check if you have trusted zones configured properly.
  3. Upvote
    fvmb gave kudos to itman in Ping ICMP Echo Reply Rule   
    Below is a screen shot of Eset default firewall rule for inbound IPv4 ICMP including echo reply:

    Assuming you want to block inbound IPv4 ICMP echo reply, you need to create a similar rule specifying only ICMP Type/code of "0" less the quote marks. Set the Name field to "Block incoming ICMP echo reply communication." Set Action field to Block. Set Protocol field to ICMP. Set Logging severity to "Warning" if you want the event to be logged. Checkmark the "Notify user" field if you want to be alerted to block activity occurring. Click on the OK button to create your rule.
    Your rule will now be positioned at the bottom of all prior existing rules. You now must position the rule, using the arrow keys provided, immediately preceding the existing default incoming ICMP rule. Click on the OK tab and any subsequent shown one to save your changes. Finally, reenter the Firewall rules editor and validate your rule is positioned correctly.
    Note: Eset processes firewall rules in top-to-bottom order. Your created block inbound ICMP echo reply rule will always be executed prior to the existing allow one.    