What's new

Enable or disable "Respond to ICMP Echo Request from WAN"

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

maxbraketorque

Very Senior Member
Is there any particular reason to want to enable or disable the "Respond to ICMP Echo Request from WAN" option on the firewall section?
 
Is there any particular reason to want to enable or disable the "Respond to ICMP Echo Request from WAN" option on the firewall section?

You don't want to respond to being pinged from the Internet. You want to remain hidden. You don't want anyone to know that you exist and to start banging on your IP address, looking for vulnerabilities.

Keep it disabled.

OE
 
I've got plenty of ports open to the internet for various services, so I'm not very hidden. I guess the key question is whether there is any security issue with having that enabled besides the hidden aspect which is a null point for my setup.
 
Its not a port its a service Internet Control Message Proto.
I
f you enable any sort of port/service you are potentially allowing a bad actor to gain a foothold into your network/device. The whole idea is to minimise attack vectors/surfaces not increase..

IP packets can be malformed in order to subvert SPI etc. Its a common method employed. ICMP "Ping" 28-byte packets alone are benign enough but if condensed/amplified/distorted can prove to be potent in infoSec terms .. Think DDoS (ION-Cannon)
Before any of that ICMP "Pings" can prove powerful in terms of recon alone.. Ping Hostname/IP-Range of networks. SYN attacks.. TCPFlood etc.. If not essential I would keep it disabled.

NB: as @ColinTaylor Highlights BQM monitor over on TBB forum (If this is purpose) for allowing PING to/from WAN?? I would rather run my own .py/js/.sh script and have that remote out to update a frontend UI or something.. But that's just me..
I suppose you could isolate/ Accept/Drop ICMP ping packets to ONLY be allowed from Origin of TBB BQM remote machine IP (range)

Good Luck.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top