TechSpot

How do I make my computer "unpingable"?

By gubar
Mar 4, 2008
  1. Hi,

    I've recently done an on-line security test. Everything was ok apart from one flag, that I can be "pinged". It advised me to sort this out though didn't advise how.

    I use comodo as a firewall, and have a bebox router.

    Any help appreciated,

    thanks,

    gubar
     
  2. kritius

    kritius TS Guru Posts: 2,084

    Where did you do the test?

    EDIT\\\

    Go to
    -Control Panel
    -Network Connections
    -With the right mouse button choose Properties from Local Area Connection
    -Choose the Advanced Tab
    -Choose Settings...
    -Choose the Advanced Tab
    -Choose Settings... for ICMP
    -deactivate Allow incoming echo request

    Should work.
     
  3. gubar

    gubar TS Enthusiast Topic Starter Posts: 105

    Hi,

    it was at grc.com.

    gubar
     
  4. kritius

    kritius TS Guru Posts: 2,084

    see above post.
     
  5. gubar

    gubar TS Enthusiast Topic Starter Posts: 105

    Thanks again for that,

    however I have tried, and still get the same results.

    On top of that, it seems that I have ports 21 (ftp), 23 (telnet) and 443 open. All others are ok.

    In my bebox settings, it says that the firewall is disabled but that intrusion prevention is on. I can't see a setting that allows the firewall to be switched on.

    Is there any way to make this completely secure? If there's any more info I can give just let me know.

    thanks,

    gubar
     
  6. kritius

    kritius TS Guru Posts: 2,084

    i would have thought that the comodo firewall would do just fine, I have the firewall in my router turned off and use comodo and ive never had had any problems.

    Is there an advanced setting when you go into the options on your router? Maybe called application sharing? If there is you may be able to close those ports, although before doing this I would maybe do some research or contact my ISP and find out if they are open for a certain reason.
     
  7. jobeard

    jobeard TS Ambassador Posts: 9,317   +618

    GRC.COM ping + stealth testing

    there are several 'entry points' to a network and each of them have different settings
    and therefore different results; consider:
    Code:
    modem-----[a]Router[b]------[c]system
    
    At point [a] is your public IP address. the settings in the router will control the reply to
    any ping from the internet.
    At point is your LAN router address (typically 192.168.x.x) and you want it to be pingable
    from all systems attached to that router. Typically, this address does not have a ping-control
    in the router anyway
    At point [c] is your system(s). Ping control here is provided by your firewall settings.

    While an external site like grc.com will always see your public ip address, it can not
    discover your router address nor the system(s) addresses UNLESS you allow a
    download to test from within your system (some sites will do this)

    Ports open vs stealth mode;
    Again, your firewall is in control here. UNLESS you have an FTPD server running,
    inbound unsolicited connections to port 20,21 should be blocked. The same is true
    for Telnet -- no inbound connections to port 23.

    When/if you use Telnet, it will open an outbound connection and talk across it
    even though the inbound is denyed :(

    For FTP, same idea, just be sure to issue the PASIVE command after you connect.

    Open port 443??
    Likely this is due to the manner of performing the test, as this is a contraticion in usage.
    Port 443 is the browser secured SSL port and it is created by an outbound connection.
    Traffic will flow in both directions, but never the inbound half first.

    edit:
    www.grc.com/
    click Proceed
    then click File Sharing; you SHOULD see

    Please Stand By. . .

    Attempting connection to your computer. . .
    Shields UP! is now attempting to contact the Hidden Internet Server within your PC. ..

    Your Internet port 139 does not appear to exist!
    One or more ports on this system are operating in FULL STEALTH MODE! ....


    Unable to connect with NetBIOS to your computer.
    All attempts to get any information from your computer have FAILED.​

    when complete click Common Ports; you SHOULD see
    Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise —
    was received from your system as a result of our security probing tests.

    Port
    Service
    Status Security Implications

    0
    <nil>
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    21
    FTP
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    22
    SSH
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    23
    Telnet
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    25
    SMTP
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    79
    Finger
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    80
    HTTP
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    110
    POP3
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    113
    IDENT
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    119
    NNTP
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    135
    RPC
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    139
    Net
    BIOS
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    143
    IMAP
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    389
    LDAP
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    443
    HTTPS
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    445
    MSFT
    DS
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    1002
    ms-ils
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    1024
    DCOM
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    1025
    Host
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    1026
    Host
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    1027
    Host
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    1028
    Host
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    1029
    Host
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    1030
    Host
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    1720
    H.323
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    5000
    UPnP
    Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!​
    edit/
     
  8. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    If you have a router, then all these online tests show what is open and allowed on your router. The firewall on your PC is secondary.

    Most routers have an option to disable ping. It may be called something very obscure, so you should see your router manual about this.

    These open ports may be forwarded on your router or the router itself may be accepting connections via these for remote management. Disable all management features of your router that allow access from the internet side. Again, see the manual about this.
     
  9. gubar

    gubar TS Enthusiast Topic Starter Posts: 105

    To everyone who's chipped in here - a big thank you.

    I done some googling about my modem settings, and it was indeed them. I've changed it appropriately and now all seems to be secure.

    thanks again,

    gubar
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...