Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Amitc87 on April 19, 2010, 12:39:35 AM

Title: Disabling ICMP Echo Ping in Firewall
Post by: Amitc87 on April 19, 2010, 12:39:35 AM

I am a proud customer of avast! Internet Security 5.0.507 and have been really happy about my decision to switch to it from Norton 360.

However, I was recently taking the ShieldsUP! test from GRC, which scans your firewall for weaknesses.

(https://www.grc.com/image/su-pageheader.gif) (https://www.grc.com/x/ne.dll?bh0bkyd2)

After completing the test, the only weakness I found was:

--
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.
--

So, I wanted to know how to disable ICMP Echo requests from the firewall. (The requests replied to ShieldsUP! in Public/High Risk Zone as well)

Thanks!

Title: Re: Disabling ICMP Echo Ping in Firewall
Post by: doktornotor on April 19, 2010, 08:38:49 AM

Quote from: Amitc87 on April 19, 2010, 12:39:35 AM

--
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.
--

Well, I can't tell you how to do this w/ AIS since I'm using Avast Free - but I can safely tell you that the advice given on that site wrt ping is nonsense. You will not hide your system better by dropping ICMP echo request/reply packets - you will clearly advertise that there is a firewalled system instead (http://www.wilderssecurity.com/showpost.php?p=1293283&postcount=7). For details on Shield Up!, I refer you to my analysis of GRC FUD on Wilders Security forums (http://www.wilderssecurity.com/showpost.php?p=1293162&postcount=1). (Also, closed vs. stealthed myth is debated on that thread (http://www.wilderssecurity.com/showthread.php?t=216892).)

Title: Re: Disabling ICMP Echo Ping in Firewall
Post by: Hermite15 on April 19, 2010, 09:41:42 AM

not even mentioning that in 99% of cases, the "stealth ports" are the result of the router firewall policy, not the one in Windows. Always made me laugh when guys come posting that their new product (Comodo FW or else...) is perfect ;D ... I've seen this happen build after build during a beta testing, guys back from Shields Up, and dead proud, again and again...no need to tell them they will post it again ;D

Title: Re: Disabling ICMP Echo Ping in Firewall
Post by: wonderwrench on April 19, 2010, 06:47:10 PM

Amitc87 are you using a router? If so the change you want to make is in the router. If not I have no clue how to change the required setting in AIS as I use Avast 5 Free, windows 7 firewall and a D-link 655 router.

Title: Re: Disabling ICMP Echo Ping in Firewall
Post by: Hermite15 on April 19, 2010, 07:22:50 PM

@ the OP: if you really want to do it, although that makes no sense as explained above, open your AIS firewall advanced settings, from there go to "packet rules", and do what you want there. Be warned that "ping" is probably still enabled in your router though, so you'll have to deactivate it from there too ;D