Page 1 of 3 1 2 3 LastLast
Results 1 to 20 of 42

Thread: ICMP Ping

  1. #1
    Join Date
    Sep 2004
    Location
    Loma Mar. CA
    Posts
    328

    Question ICMP Ping

    Hi Folks.
    I am using dial-up, and have the built-in Firewall in 10.3.9 enabled. When I ran a check (Shields Up) I find that port ICMP Ping is open (or at least causing an echo. See below.). All others are 'Stealth'. Why is this so? Is it a potential problem? If necessary how do I rectify?

    Results from scan of ports: 0-1055

    0 Ports Open
    2 Ports Closed
    1054 Ports Stealth
    ---------------------
    1056 Ports Tested
    NO PORTS were found to be OPEN.
    Ports found to be CLOSED were: 0, 1

    Other than what is listed above, all ports are STEALTH.
    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.



    Thanks in advance as always.
    CB
    It's a nice nose! I like it! It's chewy!!

  2. #2
    Join Date
    Jan 2002
    Location
    NW Montana
    Posts
    8,197

    Default Exact same with me

    Bill

    Exact same OS 10.3.9 and "2 closed ports 0, 1" here on my QS. I have a Linksys router that needs a firmware update. That might help. I have always been 100 percent "stealth" until recently. Take a look at this thread I started there is some good info. I have yet to take the time to fully fix things. - Randy

  3. #3
    Join Date
    Sep 2004
    Location
    Loma Mar. CA
    Posts
    328

    Thumbs up Hi RWM......

    Yes. It was in reading your thread that I jumped over to 'Shields Up' and ran the test. Good info which I appreciate. I'm not hooked to a router, just straight into the phone jack. An uneducated guess would suggest a 'closed' port isn't a huge problem, but if it's giving off an echo wouldn't that mean the port would be visible, and anyway, why wouldn't ports 0 & 1 be 'stealth'? As always I am poking around with something relatively minor wondering what and why!?!

    Thanks again.
    CB
    It's a nice nose! I like it! It's chewy!!

  4. #4
    Join Date
    Nov 2004
    Location
    Germany
    Posts
    2,352

    Default

    Hello Chris,

    just my 2 cents.

    Quote Originally Posted by Chris Billington
    1. Ports found to be CLOSED were: 0, 1
    2. A PING REPLY (ICMP Echo) WAS RECEIVED.
    1.
    0/tcp Reserved
    0/udp Reserved
    1/tcp TCP Port Service Multiplexer
    1/udp TCP Port Service Multiplexer
    both ports are closed by default on most Firewall-Systems.

    2.
    9595 udp pds Ping Discovery Service

    Routers have a feature called "ignore ping from WAN side" to ignore ICMP Pings.

    Link to Sygate's service to check thia again ShieldsUp.
    http://scan.sygatetech.com/prestealthscan.html

    Hope this is a bit of help

    Regards

    Nicolas
    Custom Configurations! Rad Hacks and Mods!

  5. #5
    Join Date
    Jan 2002
    Location
    NW Montana
    Posts
    8,197

    Thumbs up Better...

    Nicolas

    Thanks, that site/link reported everything as "BLOCKED" on my end.

    Also thanks, for the "reset" clairification on my other thread. - Randy

  6. #6
    Join Date
    Sep 2004
    Location
    Loma Mar. CA
    Posts
    328

    Thumbs up Hi Nicolas

    I ran two of the sygate scans straight away (Quick Scan and Stealth Scan.) All ports checked by these were reported as 'blocked' ie. stealthed. The ICMP scan (which I am thinking would yield a result directly relevant to the ICMP Ping supposedly closed but not stealthed) is marked on the Sygate site as 'This scan is not enabled yet.' ?? (As in "Darn"!!)
    But you know.......... Thanks very much for the resource. All this is exactly what I look for.

    CB
    It's a nice nose! I like it! It's chewy!!

  7. #7
    Join Date
    May 2001
    Location
    1hr N/W of LA LA Land
    Posts
    3,315

    Default

    Chris, Randy:

    My results were identical to yours with my Beige G3 10.3.9 through a hub into my DSL modem.

  8. #8
    Join Date
    Nov 2004
    Location
    Germany
    Posts
    2,352

    Default More Links and help if needed

    OSX is using the IPFW a powerfull firewall wich can be configured with the gui "Sharing" or by a config file.

    How to setup the IPFW
    http://www.ibiblio.org/macsupport/ipfw/

    also
    http://www.novajo.ca/firewall.html

    A helpfull site if you need to find a port or the service wich it is for
    http://www.securitystats.com/tools/portsearch.php

    Sunshield, a free tool for setting up IPFW via a gui (like Brickhouse)
    http://www.sunprotectingfactory.com/..._download.html

    Regards

    Nicolas
    Custom Configurations! Rad Hacks and Mods!

  9. #9
    Join Date
    Sep 2004
    Location
    Loma Mar. CA
    Posts
    328

    Thumbs up Thanks again Nicolas

    All bookmarked and stored for future reference and use.

    CB
    It's a nice nose! I like it! It's chewy!!

  10. #10
    Join Date
    Nov 2004
    Location
    Germany
    Posts
    2,352

    Smile Chris, Randy

    Glad to help a bit.

    Your welcome!

    Chris,
    with sunshield you can block ICMP pings, just checked it (turned off my routers FW).
    You can remove it easily if it is no longer needed, completely painless.

    Regards

    Nicolas
    Custom Configurations! Rad Hacks and Mods!

  11. #11
    Join Date
    Sep 2004
    Location
    Loma Mar. CA
    Posts
    328

    Talking

    I gotta say just one more thing. This site amazes me more times than not. I'm not even sure most times how to pose a question, but so long as I shake the tree, something useful drops into my hands. Jeez. And it's FREE.

    CB
    It's a nice nose! I like it! It's chewy!!

  12. #12
    Join Date
    May 2001
    Location
    1hr N/W of LA LA Land
    Posts
    3,315

    Default

    Quote Originally Posted by Chris Billington
    I gotta say just one more thing. This site amazes me more times than not. I'm not even sure most times how to pose a question, but so long as I shake the tree, something useful drops into my hands. Jeez. And it's FREE.

    CB
    Ditto that!

    Thanks Nicolas. I bow in your general direction.


  13. #13
    Join Date
    Nov 2004
    Location
    Germany
    Posts
    2,352

    Red face Forgot something

    You'll need two rules in your Sunshields ruletable to be able to ping out but not be pinged:

    1. allow incoming ICMP Types 0,3,11
    2. allow outgoing ICMP Types 3,8


    Then you have to config each rule then hit the Add button to create it. The two rules should show up in active rules now.

    00 = echo reply
    03 = is necessary for path MTU discovery to work correctly
    08 = echo request
    11 = time exceeded

    Thanks guys.

    Regards

    Nicolas
    Last edited by Nicolas; 08-07-2005 at 09:17 PM. Reason: pictures added
    Custom Configurations! Rad Hacks and Mods!

  14. #14
    Join Date
    Nov 2004
    Location
    Germany
    Posts
    2,352

    Question Hey Guys does SunShield work for you?

    Regards

    Nicolas
    Custom Configurations! Rad Hacks and Mods!

  15. #15
    Join Date
    Sep 2004
    Location
    Loma Mar. CA
    Posts
    328

    Cool G'Morning Nicolas.

    I put Sunshield on the machine as you suggested in the diagrams above. When I ran ShieldsUp again it showed the first two Ports as still being closed, but not stealthed. However, I had not re-started the G4 after installation as I have since thought I should've. At the time, I uninstalled Sun Shield untill I could play with it (this weekend) cuz this past week has been busy busy busy! (In fact I am about to leave for Overtime as I write!!)
    Any sugestions?
    Best......... CB
    It's a nice nose! I like it! It's chewy!!

  16. #16
    Join Date
    Nov 2004
    Location
    Germany
    Posts
    2,352

    Default

    Hello Chris,

    the rules I've postet above are only to avoid to be pinged.
    If you want to block the ports 0 and 1 you have to create one more rule.

    Regards

    Nicolas
    Custom Configurations! Rad Hacks and Mods!

  17. #17
    Join Date
    Sep 2004
    Location
    Loma Mar. CA
    Posts
    328

    Default Thanks Nicolas.

    What's the difference between blocking and avoiding being pinged? I mean from the point of view of functionality? And if I apply all the rules as you have laid out, will that affect my use of dial-up at all (since it's the only option I have!)?

    Equally Regards..... CB
    It's a nice nose! I like it! It's chewy!!

  18. #18
    Join Date
    Nov 2004
    Location
    Germany
    Posts
    2,352

    Default

    Hi Chris

    Quote Originally Posted by Chris Billington
    What's the difference between blocking and avoiding being pinged? I mean from the point of view of functionality? And if I apply all the rules as you have laid out, will that affect my use of dial-up at all (since it's the only option I have!)?

    Equally Regards..... CB
    In this case it is the same.

    With rules from post #13 you will block pings (you will be stealth to the internet).

    Rules in post #16 should stealth (not even close) the ports 0 and 1 (had no time to check this but, I will later today or tomorrow to be sure).

    Regards

    Nicolas
    Custom Configurations! Rad Hacks and Mods!

  19. #19
    Join Date
    Sep 2004
    Location
    Loma Mar. CA
    Posts
    328

    Default Nicolas

    Been playing with SunShield. Please would you check my work here. With the Pane where I am working with tcp, what do I specify in the section below 'Has protocol specific options'? I find the first two sets of instructions (for the incoming and outgoing icmp) in active rules, but I am at a halt with regards to the tcp.
    Thanks again.
    CB
    It's a nice nose! I like it! It's chewy!!

  20. #20
    Join Date
    Nov 2004
    Location
    Germany
    Posts
    2,352

    Default

    Hello Chris,

    looks like there is a space between the "," and the "1".

    must be 0,1.

    Quote Originally Posted by Chris Billington
    what do I specify in the section below 'Has protocol specific options'?
    There are no options needed here normaly.

    It will look like this if active (see picture please)

    Regards

    Nicolas
    Custom Configurations! Rad Hacks and Mods!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •