Ping reply failed/Security concern

Try3 said:

I ignored it the first time but you've now used that term again and I don't understand what you mean. I do not know if you mean something in particular.
It should have a firewall facing the outside world.

What I mean is that when you log into the modem's firmware's menu, there should be an option usually in the Security tab that allows for enabling a stealth mode to make it invisible to pings, etc. This modem lacks any security options, maybe it's hard coded without the possibility of customizing its configuration. Luckily I'm out of here in a few days back home where I do have my own LAN with a nice secure wired router.
As a side note, I'd assume if someone would want to hack my PC here, even though they would be able to detect the router, my PC would still be invisible to them right? at least using ping to detect it

Try3 said:

I'm quite fortunate with my current router.
Its manual can be understood by humans and its Firewall is shown clearly in its Advanced settings section.

Yes, even if a ping reaches your computer it should not respond to it if you have done the setting we've been discussing.


Mine is all WiFi.
My internet connection is my phone's WiFi hotspot & the phone's own data connection.
My router is one made to accept WiFi as its internet connection [as opposed to merely as a client device] - a WISP router.
My computers & printer are all connected to the router by WiFi. Only my HP desktop even has an ethernet socket.

Denis

At home everything is wired. I'm not a fan of wireless unless strictly necessary. So I guess we are opposites, lol. Thanks for your support, take care and good luck

You don't use a phone or IoT crap?

ICMP is layer 3 so this test will be testing your router if it replies with type 0 or type 8 then it will fail.

To do what you are trying to mitigate they would need to spoof data but it needs to send the packets to a layer 3 device first so to your router and then it goes from there. The test ethically has no reason to send beyond your router because that would be unethical.

Depending on how you setup your network or what you require from it then i would consider swapping the ISP router with your firewall'd router or just buy another router that has a firewall to replace your ISP one. You really should be doing this mitigation on the gateway where possible because its your front door.

- - - Updated - - -

I also find it strange that your ISP does not have a firewall on their router models because they should.

Malneb said:

ICMP is layer 3 so this test will be testing your router...

Doesn't matter on the layer, a router or computer or a host of devices will respond to an ICMP packet. The issue here is that the router is in front of the computer, thus the router will block or allow BEFORE it reaches the computer. The OP has ping allowed in the router...

F22 Simpilot said:

Doesn't matter on the layer, a router or computer or a host of devices will respond to an ICMP packet. The issue here is that the router is in front of the computer, thus the router will block or allow BEFORE it reaches the computer. The OP has ping allowed in the router...

Not true ICMP is a IP data packet type so this means it is sent to a host IP in this case it will be the routers ip or external ip /public ip what ever you want to call it and if you run shields up it even tells you this as it gives your external IP on the page as that is the IP it is testing. Lan side also means nothing when the request is coming from public IP space because it has no knowledge of the internal network.

For example when ever you ping or tracert you would see a local map of all the connected nodes if that was the case.

Without hacking and doing some other stuff, regardless the test is failing because it is testing the router. Yes it is good to disable ICMP on endpoints but the issues with the test is not localized.

You can ping a computer or device, dude... ICMP is the Internet Control Message Protocol and is used in NETWORKING.

If you used a crossover cable or a NIC that supports MDIX between two computers and each computer has its own static IP address, you should be able to ping each computer. No router is required...


Again, the router is IN FRONT of the computer. When Shields UP sends pings to PROBE certain ports (I believe the first 1024 out of 65,535) its hitting the router or modem FIRST. Not the computer. If ping is allowed in the router things "light up."

In other words, what is insecure is the router, not my computer. If a hacker would want to sneak into my computer, a ping would not succeed, he'd need to resort to some other technique, right?