Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Airport Extreme Base: Block ICMP

G

groundstrike

macrumors newbie
Original poster
Nov 9, 2006
11
0
Alot of home router have the option to block ICMP traffic from the WAN. I can't seem to find this with the Airport Extreme Base Station. Using Gibson Research Corporation's Shields Up! I get the following messages:

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection.​

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet.​

All other ports scanned came back with:

Closed - Your computer has responded that this port exists but is currently closed to connections.​

or

Stealth - There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!​

I'm no network guru, but shouldn't all port scan attempts come back as stealth? Shouldn't the router not respond to Pings on the WAN side?
 
netnothing

netnothing

macrumors 68040
Mar 13, 2007
3,806
415
NH
I'm just learning that no Apple router gives the option to stealth the ports on the WAN side, or to block ICMP requests.

Seems odd to me that Apple doesn't do this as just about every router has been doing this for ages!

Do people not see this as an issue?

-Kevin
 
M

macleod199

macrumors 6502
Mar 10, 2007
290
6
Apple seems more interested in enabling services via e.g. Wide Area Bonjour, than they are in making your connection invisible. One doesn't necessarily need to be invisible to be secure, you know.
 
C

ChrisA

macrumors G5
Jan 5, 2006
12,559
1,671
Redondo Beach, California
If you don't want your router to answer pings maybe port forwarding would help. Forward the ping to some IP address that does not exist on your network. This is a guess. I give it a 50% chance
 
B

bstreiff

macrumors regular
Feb 14, 2008
215
2
Blocking all ICMP can cause problems, as well. When I lived in the dorms at my college, if you blocked all ICMP packets, the resnet system would actually disable your port if you blocked them (since from its point of view, nobody was using it!)

What's funny is that they recommended you use Symantec's firewall product on Windows, which would detect the 'are you still there?' checks as portscans and highly recommend you block them. I had to help quite a few people in whitelisting it.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom