Jump to content

"ShieldsUP" Fail grade for reply to Ping


frapper

Recommended Posts

When I go to Steve Gibson's "ShieldsUP" site https://www.grc.com/x/ne.dll?bh0bkyd2

whether in XP using the Comodo firewall or on machines running Win7 Home Premium running the Win7 firewall, I get the same result. Everything is fine except for responding to "ping" when I run the "common ports" test.

 

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

 

What can be done, and is this really an issue? Do all Win7 firewall machines fail in this? Why aren't all firewells set up to block this by default?

 

Also, is there a better lightweight firewall-only for XP? The machine runs MSSE and MBAM in realtime.

Link to comment
Share on other sites

Both Windows Vista Firewall and Windows 7 Firewall were "true stealth"

 

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

 

For Windows XP, I've heard favorable comments for Private Firewall: Intrusion Detection and Prevention, Security Data Analytics, Personal Firewall - Privacyware.

Link to comment
Share on other sites

I tested this on two new Win7 machines, a netbook and a desktop, both connected to a DSL modem and switch. Why would both fail if yours is "true stealth"?

Link to comment
Share on other sites

securitybreach

Most routers have the option to block ping requests (block anonymous WAN Requests or something similar) :

 

b1d053204424453.jpg

Link to comment
Share on other sites

I'm not a security expert, but the DSL modem* shows activity even when the machine(s) are shut down. I assume it's responding to random pings from the ISP to verify that it's "still there". That's what the ISP has told me. So couldn't it be the modem that responds to Steve Gibson's pings, and not the machine?

 

Adam, there is no router. It's a DSL modem that runs through a switch, and that's connected to Netgear powerline adapters for two other PC's in the house.

 

*Gigaset 4300 ADSL modem, Part # 060R-D148-A27

Link to comment
Share on other sites

PC Flank's tests say it's stealthed.

 

KqHUr.jpg

 

Recommendation:

 

All the ports we have scanned are Stealthed (by a firewall). So just continue following the fundamental security measures and regularly update your security software.

 

I also ran the full port scan at https://www.securitymetrics.com/ and everything came up "stealth" including the common trojan ports. Both tests used the Win7 firewall.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...