
Enable or disable "Respond to ICMP Echo Request from WAN"


maxbraketorque

Very Senior Member
Is there any particular reason to want to enable or disable the "Respond to ICMP Echo Request from WAN" option on the firewall section?
 
Is there any particular reason to want to enable or disable the "Respond to ICMP Echo Request from WAN" option on the firewall section?

You don't want to respond to being pinged from the Internet. You want to remain hidden. You don't want anyone to know that you exist and to start banging on your IP address, looking for vulnerabilities.

Keep it disabled.

OE
 
I've got plenty of ports open to the internet for various services, so I'm not very hidden. I guess the key question is whether there is any security issue with having that enabled besides the hidden aspect which is a null point for my setup.
 
It's not a port, it's a service: Internet Control Message Protocol.
If you enable any sort of port/service you are potentially allowing a bad actor to gain a foothold into your network/device. The whole idea is to minimise attack vectors/surfaces, not increase them.

IP packets can be malformed in order to subvert SPI etc. It's a common method employed. ICMP "Ping" 28-byte packets alone are benign enough, but if condensed/amplified/distorted they can prove to be potent in infoSec terms. Think DDoS (ION-Cannon).
Before any of that, ICMP "Pings" can prove powerful in terms of recon alone. Ping hostname/IP-range of networks. SYN attacks, TCP flood etc. If not essential, I would keep it disabled.

NB: as @ColinTaylor highlights, BQM monitor over on TBB forum (if this is the purpose) for allowing PING to/from WAN? I would rather run my own .py/.js/.sh script and have that remote out to update a frontend UI or something. But that's just me.
I suppose you could isolate/accept/drop ICMP ping packets to ONLY be allowed from the origin of the TBB BQM remote machine IP (range).

Good Luck.
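
The source-restricted approach suggested in the last post, as an added example that is not part of the thread: a shell helper that validates a source range and prints (without applying) rules that answer WAN pings only from that range. It assumes an iptables-based firewall, the `INPUT` chain and a WAN interface named `eth0`; `203.0.113.0/24` is a placeholder, since the thread does not give the monitor's address range.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: iptables firewall, WAN
# interface eth0, and 203.0.113.0/24 as a placeholder for the monitor's range.

# valid_cidr4 ADDR/PREFIX: succeed only for a well-formed IPv4 CIDR.
valid_cidr4() {
    case "$1" in
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}
    prefix=${1#*/}
    # Reject anything but digits and dots before word-splitting the address.
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS
    IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# icmp_allow_rules CIDR [WAN_IF]: print the rules, or fail on bad input.
icmp_allow_rules() {
    cidr=$1
    wan_if=${2:-eth0}
    case "$wan_if" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    if ! valid_cidr4 "$cidr"; then
        echo "invalid IPv4 CIDR: $cidr" >&2
        return 1
    fi
    # Order matters: the source-restricted ACCEPT must sit above the DROP.
    # The rate limit caps echo replies even for the allowed range; packets
    # over the limit fall through to the DROP rule.
    echo "iptables -I INPUT 1 -i $wan_if -p icmp --icmp-type echo-request -s $cidr -m limit --limit 5/second -j ACCEPT"
    echo "iptables -I INPUT 2 -i $wan_if -p icmp --icmp-type echo-request -j DROP"
}

# Dry run: print the rules for review instead of applying them.
icmp_allow_rules 203.0.113.0/24 eth0
```

With a rule pair like this in place, the router's own "Respond to ICMP Echo Request from WAN" setting and any vendor-managed chains still need to be checked so they do not override or precede these rules.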
 
