Block

[longhorn]

I made a security check at https://www.grc.com SHIELDSUP and my computer failed in the following point:
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since “Ping” is among the oldest and most common methods used to locate systems prior to further exploitation.
How I can close/block my ping response? I have avast free antivirus, program version 7.0.1466 and virus def. is up to date.
I’m running windows xp pro sp3
 

[Pondus]

are you behind a ISP box or router with firewall?



what is the shields up test?
http://onlinearmorpersonalfirewall.blogspot.no/2008/03/what-is-shields-up-test.html

http://www.wincom7.com/blog/why-did-i-fail-the-shields-up-firewall-test/

[DavidR]

@ longhorn
The avast free antivirus is not a firewall and the firewall is the area of stealthing for your system. This stealth is achieved by your firewall not responding to unsolicited connections (external port scans, etc.) to your system.

So the real question is what is your firewall ?

[longhorn]

My firewall is windows firewall and I'm behind a netgera gateway, I did go into control panel/security center/windows firewall/ICMP settings and unchecked ererything but I'm still getting failed at www.grc.com common ports?

[DavidR]

Which ever is getting in first, either your netgear gateway (if it has a firewall) or the XP firewall ideally should ignore unsolicited inbound connection attempts, e.g. those not responding to an outbound request from the system. The XP firewall although basic (doesn't have outbound protection) is usually good at stealthing your system.

Not if you go specifically blocking a port, that is considered as bad a getting a response from your system on an unsolicited connection attempt as it signals that there is a system on the end of that IP address and port. If you did actually manage to block/close the ping port, ShieldsUp would still indicate a failure in stealthing as the blocked port is in effect a response.

In all honesty the windows XP firewall is damn old and pretty basic, you should consider getting a 3rd party firewall that provides outbound protection.

[schmidthouse]

3RD. Party Firewalls could include: OutPost FW
                                                 Online Armour FW
                                                 Private FW
I have tested These 3 (and others) over the years and have found them very effective, and aggressive Firewalls in both the FREE versions and PRO versions. 

[longhorn]

ok that sounds good, I'll check them out pick one try sheildsup again and let you know the results.
thanks. 

[Pondus]

if you checked the links i gave you above....you will see that if you are behind a isp box or router with a firewall, then it is the first firewall you are testing.....the test is not reaching your software firewall

[schmidthouse]

ok that sounds good, I'll check them out pick one try sheildsup again and let you know the results.
thanks. 

You are welcome.
On a side note, you may want to go into your profile/Account settings and UNCHECK " Allow users to Email me" as there are those spammers who will harvest Emails that are shown here in the Forum
Just saying.

[schmidthouse]

if you checked the links i gave you above....you will see that if you are behind a isp box or router with a firewall, the it is the first firewall you are testing.....the test is not reaching you software firewall

Good Point, thanks Pondus. 

[Para-Noid]

For what it's worth. I tested, using http://www.grc.com/intro.htm (click "services"), both Online Armor Free and Private Firewall.
Private Firewall proved to be more stealthy. 

[DavidR]

As expected all ports stealthed.

[schmidthouse]

As expected all ports stealthed.

Here also: ;

[Pondus]

Firewall ON or OFF ....it does not matter what i do as it is the firewall in my ISP box that control this



I can't pass a firewall test, what should I do?
http://ask-leo.com/i_cant_pass_a_firewall_test_what_should_i_do.html

[longhorn]

thnx schmidthouse for the info. on profile/Account settings and UNCHECK, done.
I did try both Online Armour FW an Private FW.
 
I liked Online Armour FW but just a little bulky for my Celeron CPU 2.40GHZ w/only 1GB of ram so I settled for Private FW and once I figure out all the right settings I shoul be fine.

As for the sheildsup test my results are the same with or without FW's installed.
Solicited TCP Packets: PASSED
Unsolicited Packets: PASSED
Ping Reply: RECEIVED (FAILED)

I had been stressing over it  ..... you know how newbies are 
but after I read Pondus post on: I can't pass a firewall test, what should I do?
http://ask-leo.com/i_cant_pass_a_firewall_test_what_should_i_do.html,
I can live with it, I feel my system is secure.

I also implemented more security and would like to throw it around and get some thoughts.