Theme

Welcome · log in · join

Forums → Social →

Open Forum → Re: ICMP requests totally blocked?

uniqs
6

« ISP technology question • dislocated Jaw? »

This is a sub-selection from ICMP requests totally blocked?

d4m1r join:2011-08-25	d4m1r to journeysquid Member 2015-Feb-17 10:49 am to journeysquid Re: ICMP requests totally blocked? No, he has a separate modem and router. I mentioned that when I told him to connect directly to the modem (no difference).
	· actions · 2015-Feb-17 10:49 am ·
Hard Harry7 join:2010-10-19 Narragansett, RI	Hard Harry7 Member 2015-Feb-17 3:05 pm What model modem does he have? Who is his ISP? You can also try connecting, then remoting into the router, and see if you can ping out from the router's diagnostic. This would eliminate any possibility it was a PC/Firewall/OS issue. Last, when the modem is connected direct to the PC, can you ping his public IP? That would tell if its a problem with inbound, outbound, or both.
	· actions · 2015-Feb-17 3:05 pm ·
John Galt6 Forward, March Premium Member join:2004-09-30 Happy Camp	John Galt6 Premium Member 2015-Feb-17 3:32 pm said by Hard Harry7: Last, when the modem is connected direct to the PC, can you ping his public IP? Very risky...
	· actions · 2015-Feb-17 3:32 pm ·
Hard Harry7 join:2010-10-19 Narragansett, RI	Hard Harry7 Member 2015-Feb-17 3:36 pm Risky? How do you figure that's risky? Were talking about a single user, not a companies mainframe. Its just for troubleshooting purposes. You think someone is going hack him in the couple of minutes his firewall is down?
	· actions · 2015-Feb-17 3:36 pm ·
John Galt6 Forward, March Premium Member join:2004-09-30 Happy Camp	John Galt6 Premium Member 2015-Feb-17 4:14 pm You're talking about an unsophisticated user connecting their computer directly to the Internet on a public IP...?? Yeah, that's a problem for him.
	· actions · 2015-Feb-17 4:14 pm ·
Hard Harry7 join:2010-10-19 Narragansett, RI	Hard Harry7 Member 2015-Feb-17 4:31 pm I am talking about isolating a technical problem. Sounds like your fear mongering to me. A good portion of the population of earth has their modem connected directly to PC and you act like I am asking him take his computer apart. Hell, OP even said he asked the user to bypass his router as the first step. How about we leave it to the OP what advice is good and which is not OK? I don't see you posting any answers. Considered yourself ignored.
	· actions · 2015-Feb-17 4:31 pm ·
John Galt6 Forward, March Premium Member join:2004-09-30 Happy Camp	John Galt6 Premium Member 2015-Feb-17 4:59 pm If you knew anything about it, you'd know that ICMP is blocked on many servers as part of hardening against attacks. You'd also know that port-scanning happens on every system...all the time. There could be infected computer on the same node, and it wouldn't take long (and I mean seconds) to be attacked. To blithely suggest that he remove a major protection against attack and infection is rather ignorant and ill-advised.
	· actions · 2015-Feb-17 4:59 pm ·
Hard Harry7 join:2010-10-19 Narragansett, RI	Hard Harry7 Member 2015-Feb-17 5:25 pm Actually I am going to remove the ignore just to have this discussion. First, criticising without offering alternative methods is rude and childish. Second, do not pretend to know what I do or do not know. Third, saying taking off the router is dangerous is like saying opening your door is dangerous. Yes, its a good idea to lock your door, but being afraid to open it is pure paranoia IMO. Last, what does servers blocking ICMP have anything to do with OP? Your comparing giant apples to tiny oranges.
	· actions · 2015-Feb-17 5:25 pm ·
John Galt6 Forward, March Premium Member join:2004-09-30 Happy Camp	John Galt6 Premium Member 2015-Feb-17 6:35 pm »www.sans.org/reading-roo ··· ated-477
	· actions · 2015-Feb-17 6:35 pm ·
John Galt6	John Galt6 to Hard Harry7 Premium Member 2015-Feb-17 6:42 pm to Hard Harry7 »www.owasp.org/images/2/2 ··· acks.pdf
	· actions · 2015-Feb-17 6:42 pm ·

John Galt6	John Galt6 to Hard Harry7 Premium Member 2015-Feb-17 6:43 pm to Hard Harry7 »citeseerx.ist.psu.edu/vi ··· type=pdf
	· actions · 2015-Feb-17 6:43 pm ·
John Galt6	John Galt6 to Hard Harry7 Premium Member 2015-Feb-17 6:43 pm to Hard Harry7 »www.hp.com/rnd/support/m ··· tion.pdf
	· actions · 2015-Feb-17 6:43 pm ·
John Galt6	John Galt6 to Hard Harry7 Premium Member 2015-Feb-17 6:43 pm to Hard Harry7 »www.utc.edu/center-infor ··· cpip.pdf
	· actions · 2015-Feb-17 6:43 pm ·
Hard Harry7 join:2010-10-19 Narragansett, RI	Hard Harry7 Member 2015-Feb-17 6:50 pm So the only thing you have to contribute to this thread is your opinion of what the OP should NOT do? Do you have anything helpful to contribute except your ability to copy pasta links from google?
	· actions · 2015-Feb-17 6:50 pm ·
journeysquid join:2014-08-01	journeysquid to John Galt6 Member 2015-Feb-17 9:23 pm to John Galt6 said by John Galt6: If you knew anything about it, you'd know that ICMP is blocked on many servers as part of hardening against attacks. LOL. Blocking ICMP will break a lot of things, and it certainly won't make you more secure. Also, ICMP != Ping.
	· actions · 2015-Feb-17 9:23 pm ·
John Galt6 Forward, March Premium Member join:2004-09-30 Happy Camp	John Galt6 Premium Member 2015-Feb-17 10:10 pm I am well aware of what ICMP and ping are... As to whether or not it makes a network more or less secure is entirely dependent on what the objectives and predilections are of the network operator. In an effort to move forward, perhaps the OP and his friend will find some utility in this: »www.pingplotter.com/
	· actions · 2015-Feb-17 10:10 pm ·
d4m1r join:2011-08-25 1 edit	d4m1r to journeysquid Member 2015-Feb-18 3:15 am to journeysquid Whow whow....Calm down guys. said by journeysquid: said by John Galt6: If you knew anything about it, you'd know that ICMP is blocked on many servers as part of hardening against attacks. LOL. Blocking ICMP will break a lot of things, and it certainly won't make you more secure. Also, ICMP != Ping. 1) He is using a DOCSIS 2 Scientific Atlanta modem and no, I cannot ping his public IP directly. 2) Exactly my point....Yes blocking ICMP might be more secure for a SERVER for SOME hardening objectives, but to block it for all retail cable internet subscribers?!? That is crazy...As a server owner, you can block them or unblock them yourself but you can't if your ISP blocks them for you....Is that even legal actually? It is almost like censorship/throttling. I forgot which ISP he is with specifically but after doing some researching, I see some big American ISPs have also completely blocked ICMP on their networks like Comcast, Charter, etc if I'm not mistaken....He is with a little guy. So millions of people can't even use ping/traceroute to troubleshoot connectivity problems....
	· actions · 2015-Feb-18 3:15 am ·
keyboard5684 Sam join:2001-08-01 Pittsburgh, PA	keyboard5684 Member 2015-Feb-18 3:58 pm As far as I know, no ISP would block ICMP on purpose. ICMP is not, despite some beliefs above, NOT a security risk. It may be blocked by cosnequence of NAT. NAT is being done by some ISPs (CGN) because they can not get any more IPv4 addresses. Try running some VOIP tests which would check latency, jitter and a few other cool things: »myspeed.visualware.com/index.php
	· actions · 2015-Feb-18 3:58 pm ·
mojorhino join:2007-09-24 Bartlesville, OK	mojorhino to Hard Harry7 Member 2015-Feb-18 4:25 pm to Hard Harry7 said by Hard Harry7: What model modem does he have? Who is his ISP? Am I missing this or has nobody answered this question
	· actions · 2015-Feb-18 4:25 pm ·
Hard Harry7 join:2010-10-19 Narragansett, RI	Hard Harry7 Member 2015-Feb-18 4:37 pm said by mojorhino: Am I missing this or has nobody answered this question Not exactly. He said its a "DOCSIS 2 Scientific Atlanta modem" so I figure a DPC2100, which is a stand alone device. As for the ISP, OP said he hasn't been able to find out yet. My guess is he uses Comcast, but all this should be confirmed.
	· actions · 2015-Feb-18 4:37 pm ·
mojorhino join:2007-09-24 Bartlesville, OK	mojorhino to d4m1r Member 2015-Feb-18 4:44 pm to d4m1r said by d4m1r: 2) Exactly my point....Yes blocking ICMP might be more secure for a SERVER for SOME hardening objectives, but to block it for all retail cable internet subscribers?!? That is crazy...As a server owner, you can block them or unblock them yourself but you can't if your ISP blocks them for you....Is that even legal actually? It is almost like censorship/throttling. I forgot which ISP he is with specifically but after doing some researching, I see some big American ISPs have also completely blocked ICMP on their networks like Comcast, Charter, etc if I'm not mistaken....He is with a little guy. Comcast, Charter, Cox, Time Warner do not block pings Some of the smaller ISP's do, personally I think it is out of fear or ignorance. Most help desks use pings to the modem or device behind the modem as a basic first step in determining whether a connection is up or down.
	· actions · 2015-Feb-18 4:44 pm ·
keyboard5684 Sam join:2001-08-01 Pittsburgh, PA	keyboard5684 Member 2015-Feb-18 5:08 pm said by mojorhino: I think it is out of fear or ignorance Smaller ones do this on occasion to stop DOS attacks. Small ISPs do not really have the bandwidth and mitigation techniques to deal with DDOS using ICMP, except to just block ICMP. If an ISP only has a DS3 or something, which happens, it is not hard to knock that ISP offline. But yes, I agree, ignorance. Like the ping of death days, never let go.
	· actions · 2015-Feb-18 5:08 pm ·

Forums → Social → Open Forum	« ISP technology question • dislocated Jaw? »
This is a sub-selection from ICMP requests totally blocked?