Set the router to accept pings or not?

pelikan

Diamond Member
Dec 28, 2002
3,118
0
76
When I do the DSL Reports tweak tests it says to enable pings. But Shields Up at grc.com says to not accept pings for security purposes.
Who is right?
 

Hakuryu

Member
Jul 27, 2004
31
0
0
I had some problems with games when I didn't have it enabled. The only thing disabling ICMP does it makes you invisible to people scanning, but if your firewall/etc is setup correctly, I can't see any reason not to allow them if you need it.

If I am wrong, please explain.
 

daveshel

Diamond Member
Oct 10, 1999
5,453
2
81
Depending on the type of network, opening this up can be very dangerous. If someone using a scanner can, for example, see a hole on a port that M$ servers use for authentication, they could potentially identify the IP address of your domain controller, which opens a can of worms. Of course, a couple of gaming boxes on a home LAN is another matter.
 

MedicBob

Diamond Member
Nov 29, 2001
4,151
1
0
Staying "hidden" is a better choice. You can enable ICMP, do the tests, and then disable it again.

If people can "see" you, they can usually identify what is stopping them, and possibly bypass/crack the firewall/router. Unless you are very quick about patching your firewall/router, if it can be, there are security holes that someone might use to get around the router.

The best security practice, not the easiest, but the best is to block 100% coming in and going out. Then open ports for only what is needed.
 

pelikan

Diamond Member
Dec 28, 2002
3,118
0
76
Thanks everyone. I made sure that pings are not accepted.
But on Netgear's online router set up I noticed that part of my IP address is entered in Default DMZ Server. There are four boxes for the address and it has my my IP address in three of the boxes but the last one is blank. I can't delete them. Is that a problem?
 

CJP

Senior member
Jul 23, 2002
512
0
0
I just set up a Linksys 802.11g router and I couldn't play multiplayer games until I enabled my computer in the DMZ. I don't think it's a problem though you'll want a good software firewall like ZoneAlarm for your PC in the DMZ (it opens up all your ports).
 

dc5

Senior member
Jul 10, 2004
791
0
0
Originally posted by: CJP
I just set up a Linksys 802.11g router and I couldn't play multiplayer games until I enabled my computer in the DMZ. I don't think it's a problem though you'll want a good software firewall like ZoneAlarm for your PC in the DMZ (it opens up all your ports).

because you have to enable port forwarding.
 

wfbberzerker

Lifer
Apr 12, 2001
10,423
0
0
Originally posted by: pelikan
Thanks everyone. I made sure that pings are not accepted.
But on Netgear's online router set up I noticed that part of my IP address is entered in Default DMZ Server. There are four boxes for the address and it has my my IP address in three of the boxes but the last one is blank. I can't delete them. Is that a problem?

thats how it should be. the first three parts of the ip address are just your internal network, and you would specify the number in the last box for which computer you want to have as the DMZ. for example, on my computer, my internal ip address for this particular computer is 192.168.1.101. so, if i entered 101 in the DMZ server, this computer only would be exposed. generally, you dont want to do this, its a lot safer to use port forwarding for a particular application.

p.s. to find out what your local ip is (you need it for port forwarding), go to start->run... and type in CMD.
then, in the command prompt, type ipconfig. it will tell you the ip of the computer youre currently on.
 

pelikan

Diamond Member
Dec 28, 2002
3,118
0
76
Originally posted by: wfbberzerker
Originally posted by: pelikan
Thanks everyone. I made sure that pings are not accepted.
But on Netgear's online router set up I noticed that part of my IP address is entered in Default DMZ Server. There are four boxes for the address and it has my my IP address in three of the boxes but the last one is blank. I can't delete them. Is that a problem?

thats how it should be. the first three parts of the ip address are just your internal network, and you would specify the number in the last box for which computer you want to have as the DMZ. for example, on my computer, my internal ip address for this particular computer is 192.168.1.101. so, if i entered 101 in the DMZ server, this computer only would be exposed. generally, you dont want to do this, its a lot safer to use port forwarding for a particular application.

p.s. to find out what your local ip is (you need it for port forwarding), go to start->run... and type in CMD.
then, in the command prompt, type ipconfig. it will tell you the ip of the computer youre currently on.

Cool. Then I'm all set. Thanks.