ICMP router disabled why

November 19, 2010 at 06:43:55
Specs: Windows Vista
i logged into my router and found that

remote access for ICMP disabled

What does this mean ?


See More: ICMP router disabled why

Report •


#1
November 19, 2010 at 06:48:54
Ping the router, do you get a response?

How do you know when a politician is lying? His mouth is moving.


Report •

#2
November 19, 2010 at 06:58:19
when i ping using

ping 192.168.1.1 it pinged successfully. 0 % lost


Report •

#3
November 19, 2010 at 07:03:53
P98 remote access is one thing and deny icmp is another. Denying ping on the WAN interface is a first step to hiding your router on the internet.

Answers are only as good as the information you provide.
How to properly post a question: http://tinyurl.com/2fsqqmu


Report •

Related Solutions

#4
November 19, 2010 at 07:04:30
Internet Control Message Protocol (ICMP) is one of the Internet Protocols. It is used, amongst other things, by the Ping command.

Having is disabled means that no one can ping your router from the Internet. Not a bad thing as it means you are invisible to hackers trying to find a vulnerable computer.

If everything else works I would leave it as it is.

Stuart


Report •

#5
November 19, 2010 at 07:23:56
Well if a person from outside knows my ip address can that person perform a attack on me even if remote ping is disabled ?

Report •

#6
November 19, 2010 at 07:43:36
Sure they can attack. Happens all the time but most never review their router logs so they don't know. Hackers hit an entire subnet range to see what responses.

Answers are only as good as the information you provide.
How to properly post a question: http://tinyurl.com/2fsqqmu


Report •

#7
November 19, 2010 at 08:24:27
Hackers very rarely attach individual IP addresses unless they know there is something there to make it worth while.

They will scan a block of addresses and those that they get a response from are earmarked for further investigation. With ICMP disabled the hackers doesn't know whether it is because ICMP is disabled or the IP address just does no exist. So it will be ignored.

If an attacker knows your IP address and knows that there is a computer there, the are other steps you can take to protect yourself. Disabling ICMP is just the first line of defense in a line of defenses. Defense in depth as it is called in the military.

Stuart


Report •

#8
November 30, 2010 at 08:16:03
Wow, a lot of interesting comments in here about this.

First and foremost, ICMP is used as a general troubleshooting tool by network admins or by many network management systems to monitor whether a device is up or down.

It is also used as a mapping tool by attackers or as a means of an attack in itself. Disabling it does nothing more than mitigate (to a degree) the threat of what can be accomplished with ICMP.

By turning off ICMP, It does not 'hide' your device on the internet. It does not protect you from the 65,000 other ports which could potentially be open on your device (router, firewall, PC etc...).

While attackers may scan for active IP's, many actually target well known ports at all IP's e.g. tcp/1433 (SQL) or 21 (FTP) and see what sticks. Due to many people hardening their edge devices and one way of doing so is to control ICMP messages, a blind ICMP scan, while still common, isn't necessarily the primary way attackers map you to the world.


Report •


Ask Question