Block responding to Ping (ICMP Echo) requests

[Bogey62 0]

How can I set ESET Internet Security to block my computer from responding to Ping (ICMP Echo) requests?

 

Thank you!

[itman 1,659]

Normally these are blocked by your router's firewall.

Eset default firewall rules block ICMP echo reply request to non-Trusted Network sources.

[Bogey62 0]

53 minutes ago, itman said:

Normally these are blocked by your router's firewall.

Eset default firewall rules block ICMP echo reply request to non-Trusted Network sources.

 

This is what I thought too, but when I go to https://www.grc.com/

and run the Shields Up test for Common Ports, it says my system is responding to Ping requests.

On my old router I could turn off Allow Incoming Ping Requests, but on the new router I have I can't find a similar setting.

ESET is allowing my system to respond, as is the new router.

[itman 1,659]

34 minutes ago, Bogey62 said:

This is what I thought too, but when I go to https://www.grc.com/

and run the Shields Up test for Common Ports, it says my system is responding to Ping requests.

The Gibson Research tests are being performed against your router settings. Hence the failure to echo reply test. To use this web test to test Eset's firewall, you will have to temporarily disable your router's firewall.

[Bogey62 0]

13 hours ago, itman said:

The Gibson Research tests are being performed against your router settings. Hence the failure to echo reply test. To use this web test to test Eset's firewall, you will have to temporarily disable your router's firewall.

Thank you!

[Nightowl 202]

19 hours ago, Bogey62 said:

Thank you!

It is better to set your router to block/reject all incoming and only allow outgoing, also with ping being blocked.

So you can protect other devices that can connect to internet and doesn't have a security software , like your TV.

[Bogey62 0]

4 hours ago, Nightowl said:

It is better to set your router to block/reject all incoming and only allow outgoing, also with ping being blocked.

So you can protect other devices that can connect to internet and doesn't have a security software , like your TV.

Yes, but the problem with this new router from the fiber service is that it doesn't seem to have a mechanism to block ICMP (ping) requests. It responds to them. My Netgear router for cable had that option in plain sight.

[itman 1,659]

FYI. Below is a screen shot of Eset firewall default rules in regards to IPv4 ICMP. As shown, it doesn't not allow outbound echo response traffic outside of the local subnet:

Edited February 5, 2021 by itman

[Bogey62 0]

3 hours ago, itman said:

FYI. Below is a screen shot of Eset firewall default rules in regards to IPv4 ICMP. As shown, it doesn't not allow outbound echo response traffic outside of the local subnet:

I'm running ESET Internet Security 14.0.22.0 and here is a screenshot of my Firewall Rules area. I don't have any of those settings that yours shows by default.

 

Thanks!

[itman 1,659]

4 minutes ago, Bogey62 said:

I'm running ESET Internet Security 14.0.22.0 and here is a screenshot of my Firewall Rules area. I don't have any of those settings that yours shows by default.

You have to enable the "Show built in (predefined) rules" setting to view Eset firewall default rules.

[Bogey62 0]

6 minutes ago, itman said:

You have to enable the "Show built in (predefined) rules" setting to view Eset firewall default rules.

OK, I see the same settings as you do now and they are enabled just like yours, but according to the Shields Up! web site:

 

"Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."

 

I can't find any setting specific to this in my new router, unlike the one contained in my old Netgear router. I don't know how to kill this system from responding as it used to under my old router settings. ESET doesn't seem to be doing anything here. Is it the router itself responding? I'm not an expert at this by any means.

Edited February 5, 2021 by Bogey62

[itman 1,659]

11 minutes ago, Bogey62 said:

K, I see the same settings as you do now and they are enabled just like yours, but according to the Shields Up! web site:

 

"Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."

This was explained previously.

You will have to bypass the router in able to test Eset firewall settings. This is usually done by temporarily disabling the router's firewall.

Again, the Shields Up test is testing your router's settings when one is present. The test cannot bypass the router nor will the echo request transaction be forwarded by the router to your device. The router is sending the echo response to the GRC web site server and this is what is shown in the test result.

If you don't believe, search the web on this test. There are multiple postings attesting to what I have posted.

[Bogey62 0]

2 minutes ago, itman said:

This was explained previously.

You will have to bypass the router in able to test Eset firewall settings. This is usually done by temporarily disabling the router's firewall.

Again, the Shields Up test is testing your router's settings when one is present. The test cannot bypass the router nor will the echo request transaction be forwarded by the router to your device. The router is sending the echo response to the GRC web site server and this is what is shown in the test result.

If you don't believe, search the web on this test. There are multiple postings attesting to what I have posted.

Yes, I re-read that information. Thank you for all of the replies on this matter. I appreciate your time.