April 21st, 2004 06:46 AM
No, I thought of several things, like maybe stealing someone else's connection (like your neighbor's), or maybe a satellite. But if it's your own home network then you don't need ICMP. As far as above and me telling the other member to turn his firewall on, sorry. I was only thinking of third-party firewalls you were concerned about. If you want absolutely no firewall but want to block ping, then you are out of luck as far as I know. I've been in the business for some time and the only way to block/drop ICMP is to have something (firewall, IDS, iptable, ipchain) in the way between your box and the connection. A router with NAT, still a firewall in my eyes. Hell, even your own ISP is running some form of a firewall for you to some extent. Regardless, to block ICMP without some form of service, hardware, or software, is unknown to me.
One last thing. I understand the curiosity of wanting to test without a firewall, but if you already have one in place, and it's doing its job, then why remove it from the equation? I've tested with GRC and many other sites and specialists to find weaknesses on my box, but never without at least one firewall in place. Guess it's just me being paranoid. I hide behind two Linksys routers and three software firewalls. But it's not just my computer I protect, it's me, myself, and my information. All worth protecting.
April 21st, 2004 08:05 AM
Yes... W/O a firewall, along the same lines as disabling other unneeded services.
I am messing around with the no firewall theory catch brought up... Occam's razor if you will. Pooh brought up that you can't be fully protected...
So I am finally getting off my ass and trying out catch's POV. But there isn't too much documentation on this type of technique, so I am just scanning and removing whatever I find. I haven't gotten a chance to move on to UDP yet... I'm kinda working in the dark
We must keep in mind that Windows itself runs a good 10 - 20 UDP ports at all times for its internal use and DLL calls (in some distros, DCOM), making an unpacket filtered computer a prime target for UDP exploitation and DDoSes.
Sorry about bringing up the firewall thread
April 21st, 2004 04:15 PM
Have you looked into tightening everything down via policy too?
For some good examples... look at the NSA's.
Some of it is a bit overkill...
The first time I used it... I didn't modify any of it and I could barely do anything on my system.
I now know how to work around and what to apply...
So, make sure you read the guides... or you'll be stuck like I was. (I didn't read at first... just applied).
is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
April 21st, 2004 04:24 PM
BTW: Shields UP is here: https://grc.com/x/ne.dll?bh0bkyd2 (for The Duck)
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
April 21st, 2004 08:40 PM
You would not need icmp in that case.
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
April 21st, 2004 08:43 PM
How well can you trust Shield's UP or Symantec? This much:
An error has occurred
Symantec Security Check is not compatible with your computer settings because:
Security Scan and Virus Detection do not work with your operating system. To run Security Scan and Virus Detection, you must be using Windows 98/ME, NT 4.0 Workstation/2000 Pro/XP, or Mac OS 8.1 or higher.
I guess Linux must be out of the reach of security vulnerabilities.... ;-)
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
April 21st, 2004 09:28 PM
It has nothing to do with trust... it has to do with following directions
Requires Microsoft Internet Explorer 5.0 or higher or the latest version of AOL with ActiveX and scripting enabled.
April 21st, 2004 10:48 PM
You can only use these things as a guide.. If a malware is only listening on a port when it feels like it.. then it most likely will not show on any of these tests..
How well can you trust Shield's UP or Symantec?
In my work I have a Digital Meter that is accurate to 0.01% if the voltage is 5.0012Vdc then that is what it is.. But if I am measuring at the incorrect location.. then the result will be wrong.. or if the meter is set to the wrong range (ie AC instead of DC).. the readings are meaningless.. Is it the meter's fault I am getting the incorrect results?
Thanks for reminding me of that resource.. Too lazy to finish reading..
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
April 21st, 2004 11:33 PM
Ahem.... There's a huge hole in this conversation....
ICMP IS NOT RUN ON PORT 7!!!!! ICMP is its own protocol that doesn't use ports like TCP/IP.....
ECHO is a TCP/IP service usually only implemented on *nix boxes that allows you to echo back to you the data you send to it for troubleshooting issues.
ICMP is often reported by firewall logs as port zero..... that is also incorrect but it's their way of doing it.
ICMP has several "message types", echo request, echo reply, destination unreachable etc.... These are ICMP "types"... each type has a number, type 8, type 10 etc.... they have nothing to do with a port seven ECHO....
These types are not correlated to ports.... they are entirely different..... It's important to know that little detail and I'm a little surprised that no-one else noticed/mentioned that in the answers before me...... The protocols are separated by their function, intent and application.
Please learn the _basics_ before "spouting off". You make yourselves look ignorant and you degrade the forum as a whole....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
April 22nd, 2004 12:12 AM
While we're on the subject of problems with this thread, the whole comment about ICMP mattering if you are wireless on your own network or someone else's (because they won't see the host or some BS like that)... is all a bunch of bullshit. Oddly enough both comments came from the same person, I think that person should keep their mouth shut and go read something, other than incorrect information. I know I said I'd stop flaming people, but two pieces of incorrect information in the same thread, seriously.. there's a problem with that. Making a mistake is one thing, but blatant misinformation is just wrong, wrong wrong.
Also I just want to point out the word usually in TS's post.... Because if you really wanted you could run an Echo Server in Windows. In fact there's a python script floating around AO with an echo server I wrote.
Anyways, if you don't want to use a firewall, then IPSec is a good thing to look into (Run gpedit.msc it's under security) and also the filtering on the adapters (connection properties --> tcp/ip properties --> advanced --> options) You can enable TCP, UDP and IP filtering. The first two are port based and the last is protocol based. If you aren't doing anything funky and only need TCP and UDP, then just permit those protocols, it'll filter everything else. If you need to add ARP then add it, or add everything except ICMP, or IGMP or whichever else you want it to filter. If you are unsure of the numbers to enter for the IP Protocol, a great resource is located @ http://www.networksorcery.com/enp/topic/ipsuite.htm. You can click on the protocols and find their protocol numbers.. ie. TCP = Protocol 6.
Anyways beyond that, disable NetBIOS over TCP if you don't need it, and then just search google for ports you find open.
I just reread grim_reaper1's post. I suggest you ignore everything he said. I understand that I flamed him earlier, but he's got some issues. Telling you to forward your ident port to .255? He's assuming a subnet mask of 255.255.255.0 which means x.x.x.255 is going to be your broadcast address. Every device on your network will end up receiving that request, or it'll get dropped, depending on your router's settings. However, something tells me your average home router would not drop broadcasts.. it doesn't seem like they're that intelligent. However another thing, port 113 is IDENT (about the only correct thing he's stated). If you use IRC your IRC client is going to need port 113 to respond to ident requests. If you are using mIRC you should check that box that says only enable ident when connecting. That way port 113 will only be open when you are connecting to IRC and closed the rest of the time. For minor networks you may not need ident, but for the larger networks IDENT is generally required.
As for a last thing, there's another thread, not sure where it is.. I'm sick and the room is spinning, however it has discussed this subject. It doesn't really matter if your computer responds to pings.... big flipping deal. They aren't going to break into your computer because your computer responds. It's just like stealthing your ports, who cares if they are stealthed... it's not the end of the world. So they know you have a system online, in the grand scheme of things, it affects nothing, as long as you have secured your system.....
I'm leaving because I'm gonna go pass out.
PS. I hope this makes sense.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
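
An added example, not written by any poster in this thread: it parses constructed IPv4 packets to show the two points made in the posts above, that ICMP carries a type and code rather than ports while the echo service is an ordinary port 7 service, and that a protocol-based filter decides on the IP protocol number alone. The permit set, addresses and packet bytes are assumptions constructed for illustration; this models the idea, not the Windows adapter filter itself.

```python
import struct

# IANA IP protocol numbers: the value a protocol-based filter matches on.
PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 8: "echo request"}
PERMITTED = {6, 17}  # assumption: permit only TCP and UDP, filter everything else


def ipv4(proto, payload, src="192.0.2.10", dst="192.0.2.20"):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, 64, proto, 0, addr(src), addr(dst))
    return header + payload


def classify(packet):
    """Return (verdict, description) for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop", "not a complete IPv4 header"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "drop", "bad header length"
    proto, body = packet[9], packet[ihl:]
    name = PROTO_NAMES.get(proto, f"protocol {proto}")
    if proto in (6, 17) and len(body) >= 4:
        # TCP and UDP both start with source port, destination port.
        sport, dport = struct.unpack("!HH", body[:4])
        desc = f"{name} port {sport} -> {dport}"
    elif proto == 1 and len(body) >= 2:
        # ICMP starts with type and code; there is no port field at all.
        itype, code = body[0], body[1]
        desc = f"ICMP type {itype} code {code} ({ICMP_TYPES.get(itype, 'other')}), no ports"
    else:
        desc = name
    return ("permit" if proto in PERMITTED else "drop"), desc


# Constructed sample packets (not captured traffic).
ECHO_REQUEST = ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping")
UDP_ECHO = ipv4(17, struct.pack("!HHHH", 40000, 7, 12, 0) + b"ping")
TCP_IDENT = ipv4(6, struct.pack("!HHIIBBHHH", 40001, 113, 0, 0, 0x50, 0x02, 1024, 0, 0))

if __name__ == "__main__":
    for pkt in (ECHO_REQUEST, UDP_ECHO, TCP_IDENT):
        print(*classify(pkt))
```

With only protocols 6 and 17 permitted, the ping is dropped on its protocol number before any port is considered, while the port 7 echo datagram passes the protocol filter and would have to be handled by the separate port-based TCP/UDP filtering.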