Go Back   MacRumors Forums > Apple Hardware > Mac Peripherals

Thread Tools Search this Thread Display Modes
Old Mar 29, 2008, 09:55 PM   #1
macrumors newbie
Join Date: Nov 2006
Airport Extreme Base: Block ICMP

Alot of home router have the option to block ICMP traffic from the WAN. I can't seem to find this with the Airport Extreme Base Station. Using Gibson Research Corporation's Shields Up! I get the following messages:
Solicited TCP Packets: RECEIVED (FAILED) As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection.
Ping Reply: RECEIVED (FAILED) Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet.
All other ports scanned came back with:
Closed - Your computer has responded that this port exists but is currently closed to connections.
Stealth - There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
I'm no network guru, but shouldn't all port scan attempts come back as stealth? Shouldn't the router not respond to Pings on the WAN side?
MBP C2D 2.33 2GB RAM X1600
Mac Pro 2-2.8Ghz Xeon 2GB RAM 8800GT
groundstrike is offline   0 Reply With Quote
Old Apr 2, 2008, 02:30 PM   #2
macrumors 68030
kbmb's Avatar
Join Date: Mar 2007
Location: NH
I'm just learning that no Apple router gives the option to stealth the ports on the WAN side, or to block ICMP requests.

Seems odd to me that Apple doesn't do this as just about every router has been doing this for ages!

Do people not see this as an issue?

2010 Mac Pro 2.8 Quad, 27" ACD - Mid 2012 MacBook Air
kbmb is offline   0 Reply With Quote
Old Apr 2, 2008, 03:41 PM   #3
macrumors 6502
Join Date: Mar 2007
Apple seems more interested in enabling services via e.g. Wide Area Bonjour, than they are in making your connection invisible. One doesn't necessarily need to be invisible to be secure, you know.
macleod199 is offline   0 Reply With Quote
Old Apr 2, 2008, 04:16 PM   #4
macrumors G4
Join Date: Jan 2006
Location: Redondo Beach, California
If you don't want your router to answer pings maybe port forwarding would help. Forward the ping to some IP address that does not exist on your network. This is a guess. I give it a 50% chance
ChrisA is offline   0 Reply With Quote
Old Apr 2, 2008, 04:36 PM   #5
macrumors regular
Join Date: Feb 2008
Location: Austin, TX, USA
Blocking all ICMP can cause problems, as well. When I lived in the dorms at my college, if you blocked all ICMP packets, the resnet system would actually disable your port if you blocked them (since from its point of view, nobody was using it!)

What's funny is that they recommended you use Symantec's firewall product on Windows, which would detect the 'are you still there?' checks as portscans and highly recommend you block them. I had to help quite a few people in whitelisting it.
Mac mini Late 2007 (1.8GHz, 2x2GB, 160GB)
Blackbook Late 2007 (2.2GHz, 2x2GB, 320GB)
bstreiff is offline   0 Reply With Quote
Old Jun 5, 2010, 09:39 PM   #6
macrumors newbie
Join Date: Apr 2008
Dropping ping responses does not make your connection invisible. See, for example, the explanation given here.
StandardPerson is offline   0 Reply With Quote
Old Apr 25, 2012, 12:20 PM   #7
macrumors member
Join Date: May 2009
trifero is offline   0 Reply With Quote

MacRumors Forums > Apple Hardware > Mac Peripherals

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Airport Extreme Base Station DrewDaHilp1 Mac Peripherals 1 Jun 13, 2013 12:11 PM
How do I make the firewall block ICMP echos? 0dev OS X 4 Nov 14, 2012 11:07 AM
AirPort Extreme Base Station LadyX Mac Peripherals 25 Oct 11, 2012 01:32 PM

Forum Jump

All times are GMT -5. The time now is 10:52 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2015, MacRumors.com, LLC