ICMP Echo requests.

D

drp

Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers.
Click to expand...
Is there an easy way to do this, without changing your firewall configuration? I think I want to silently drop the requests. I'm trying for stealth and invisibility, and trying to pass the GRC Shields Up test, which is where the quote came from. I would like to do this without changing my firewall configuration. I use:
Code: 
firewall_type="workstation"
firewall_enable="YES"
in rc.conf and unless it's very easy to do, I'd like to avoid changing my firewall configuration and just configure this elsewhere. I have no reason that I know of to do anything other than silently drop or ignore the requests. I'm using FreeBSD for my home desktop.
 
drp said:
Is there an easy way to do this, without changing your firewall configuration?
Click to expand...
No, you'll need to reconfigure your firewall.

I think I want to silently drop the requests.
Click to expand...
Why?

I'm trying for stealth and invisibility, and trying to pass the GRC Shields Up test, which is where the quote came from.
Click to expand...
Those tests don't say anything. There's no 'danger' in responding to a ping request. Being 'stealthy' is also very overrated, you can also never be 'invisible'. To be honest, tests like that are pretty useless.
 
drp said:
Is there an easy way to do this, without changing your firewall configuration? I think I want to silently drop the requests. I'm trying for stealth and invisibility, and trying to pass the GRC Shields Up test, which is where the quote came from.
Click to expand...

The GRC gang provides a very good service (and for a long time now) with their port scanner, but I wish they wouldn't push this erroneous idea of "stealth," defined as refusing to reply to ICMP echo requests.

There are plenty of ways to harden your system's networking stack (lots of which FreeBSD does by default) by turning off unnecessary and dangerous features, but ICMP echo reply to a direct request to your host is not one of those.
 
GRC have put out some useful software over the years, but also too much sensationalist, misleading, garbage information. JMHO...
 
You must log in or register to reply here.
Back
Top