What's new


  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


New Around Here
I have a location that is unmanned for several months and would like to leave the ICMP ping feature "ON" to aid in trouble shooting. There are several open ports to access cameras, temp and power monitors as well as sequential power switchers. These have been open for years without issue. There are no active servers or other devices from which sensitive information could be stolen. However, there have been times when the devices become unreachable and it would be nice to know if it is an ISP problem or if the modem and router are down.

I have researched online resources and come across some saying it is not a real security problem to leave the echo on (thereby exposing the existence of the IP address and further exploration by hackers) and others stating that it is a true problem.

Any thoughts? Thanks!
The scanners/bots will still attempt to connect to your router (on common ports) whether you have enabled the ping response or not. Personally, I leave it enabled so I can monitor my internet connection's latency and availability (from the internet side). The real security issue is not ping but the other services that are exposed to the internet.
[QUOTE="I leave it enabled so I can monitor my internet connection's latency and availability (from the internet side). [/QUOTE]

Precisely, my wishes as well. I will be leaving it on. Thank you!
If you have already punched through your IoT devices to the public Internet, the least of your worries should be if ICMP is enabled on the router. It is just a matter of time before one of those IoT devices are compromised and at that point, the bad guys will be inside the network anyways.
"you have already punched through your IoT devices"

Yes, it's true. However, we have several additional parallel systems running - both of which are linked via radio and cellular. We're not fooling around here. In any case, the Internet connection and its devices are the first "go-to" solution. The others are all BU. If there is a way to further secure this path I am all ears.

Thank you!
Obviously we don't know your particular setup or any limitations that might impose; but the most common advise is to restrict access to your devices to the LAN only and run a local VPN server. Then all remote access is done through the VPN. That way you're only exposing one port (the VPN server) to the internet, and something like OpenVPN is about as secure as you can get.

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!