  1. #1
    New Lounger
    After reading "Preparing Windows XP for the long haul", "Review and update your PC's security system" by Fred Langa in the latest issue of the Windows Secrets Newsletter, I accessed Gibson's "Shields Up" and ran the Common Ports scan under services recommended in the article. All the ports were stealthy but the Ping test failed. "Ping Reply: RECEIVED (FAILED)". Narrative under the report states: "Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers."

    Since I am using Norton Internet Security 2010 I thought that this product should be able to address the issue with aplomb. Boy was I wrong! I have generally been quite satisfied with this product and assumed blocking inbound Ping requests should be a snap for the firewall. I contacted NIS support via chat and the nightmare began. The support personnel had no clue what a Ping request was or what I was trying to accomplish. After many hours of explaining (and re-explaining) what was happening and what I expected, we terminated the session without resolution. I contacted support via chat again today hoping to reach another support person who had a little more knowledge. No such luck. I asked for an escalation and was transferred to a supervisor after a few more hours of going nowhere. Before long the chat connection crashed but the supervisor called back shortly. All but impossible to understand, we explored a few blind alleys and we finally gave up. Problem still unresolved but a promise that I would receive another call back from a "supervisory group" within 34 hours (why 34, just more strangeness).

    So that is the background of the issue. I'm looking for expert advice as to whether the NIS firewall can indeed be configured to block inbound Ping requests, while leaving all other services (desirable) functions working. I would be amazed that a product as advanced as this would not be easily configured to block these network threats. I am amazed that NIS support is so clueless.

    I am using a Dell desktop PC running XP (MCE). My network connection is DSL with a dynamic address (apparently a problem for the NIS firewall) via an Actiontec GT704-wr wireless gateway (router/modem).

    Looking for recommendations and opinions as to how best to follow Gibson's advice and block these nefarious intrusions.

    Thanks to any who took the time to read and/or respond to this.

  2. #2
    Super Moderator jscher2000
    This article about NIS 2001 says it blocks ping requests by default and explains how to permit them: How to configure Norton Internet Security or Norton Personal Firewall to allow ping requests. I imagine the interface has changed over the past 10 years, but maybe it will help uncover where the relevant portion of the UI is hidden?

  3. #3
    Super Moderator Deadeye81
    Hi Gerald, and welcome to the Lounge!

    If your ISP supplied your modem router, then you may need to contact them for the appropriate setting on the router firewall to forbid replies to ECHO requests. Your router documentation may help you also. Even if you can set Norton Firewall to forbid replies to ECHO requests, your router firewall is currently allowing ECHO replies. This could make any other computers on your home network vulnerable.

    Hope this helps.
    Deadeye81

    "We make a living by what we get, we make a life by what we give." Sir Winston Churchill

  4. #4
    WS Lounge VIP
    As Gerald said, it's your router not your PC. As all other ports are in stealth mode your router is protecting you - I would not bother making any more changes.

    cheers, Paul

  5. #5
    New Lounger
    This is my first time using this board so I'm not sure if this is the right place to respond, but here goes. jscher2000's tip with the link to the "How to configure the Norton Firewall . . . " shed a lot of light on the situation. I went into the General Settings section under the Advanced Firewall settings and the very first rule was "Default Allow Specific Inbound ICMP". There it was, staring us right in the face, and the Norton support group never had me look for it or knew it was already defined. But the rule was not checked. That means, if I understand how things work here, that this rule is deactivated. Supports the concept that the NIS Firewall blocks Ping requests by default. Something else you would have expected Norton Support to know.

    That tells me, as Gerald Shepard and P T state, that the issue is really with the router. The firewall in the router is presently disabled. When I had the router firewall enabled I was unable to synchronize the system clock (Internet Time Update) and had problems with some other things that I can't recall now. Looks like I need to revisit that issue. That is sure to be a new can of worms. The router was supplied by Verizon but my service is now provided by Frontier since the sale of the Verizon properties to Frontier. A lot of the Verizon tech support is still in place so this may not be as bad as expected. I'll check the manual too.

    At any rate, thank you to all that responded. The feedback was great and I really appreciate the help.

    gb

  6. #6
    WS Lounge VIP
    The router firewall should allow everything out, but nothing in. This is the base set up for all firewalls for home use. The only time you allow access into your router is if you run an FTP server on your PC that you want to be able to access from another location.

    Even though you have the firewall turned off, the leak test shows that nothing is allowed in, except ping. I would leave the router settings as they are because it is working almost exactly as the base setting above.

    cheers, Paul
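
An added example, not part of any post in this thread: a toy Python model of the "everything out, nothing in" rule described above, which tracks outbound flows so that only their replies are admitted. The class, addresses and traffic list are constructed for illustration, and `answer_ping=True` is an assumption that reproduces the scan result from post #1 (all ports stealth, ping answered).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = LAN to Internet, "in" = Internet to LAN
    proto: str       # "tcp", "udp" or "icmp"
    lan: tuple       # (ip, port) on the LAN side; port is unused (0) for ICMP
    wan: tuple       # (ip, port) on the Internet side
    kind: str = ""   # ICMP only: "echo-request" or "echo-reply"

class StatefulFirewall:
    """Toy model: allow everything out, admit inbound only for tracked flows."""
    def __init__(self, answer_ping=False):
        self.flows = set()               # flows opened from the LAN side
        self.answer_ping = answer_ping   # True models the router as scanned

    def handle(self, p):
        key = (p.proto, p.lan, p.wan)
        if p.direction == "out":
            self.flows.add(key)          # remember who the LAN host talked to
            return "ALLOW"
        if p.proto == "icmp" and p.kind == "echo-request":
            # Unsolicited ping from outside: the one item the scan flagged.
            return "REPLY" if self.answer_ping else "DROP"
        # Any other inbound packet must match a flow the LAN started.
        return "ALLOW" if key in self.flows else "DROP"

PC = "192.168.1.20"  # constructed LAN address; WAN hosts use documentation ranges
TRAFFIC = [
    Packet("out", "udp", (PC, 123), ("192.0.2.10", 123)),      # time sync request
    Packet("in", "udp", (PC, 123), ("192.0.2.10", 123)),       # its reply
    Packet("in", "tcp", (PC, 445), ("198.51.100.7", 40000)),   # unsolicited probe
    Packet("in", "icmp", (PC, 0), ("198.51.100.7", 0), "echo-request"),
    Packet("in", "udp", (PC, 123), ("203.0.113.9", 123)),      # host never contacted
]

def verdicts(fw):
    """Run the constructed traffic through a fresh firewall, in order."""
    return [fw.handle(p) for p in TRAFFIC]

if __name__ == "__main__":
    print("router as scanned:", verdicts(StatefulFirewall(answer_ping=True)))
    print("ping also dropped:", verdicts(StatefulFirewall()))
```

Dropping inbound echo requests changes only the fourth verdict; the time-sync reply is still admitted because the PC asked first.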

  7. #7
    Silver Lounger
    Mister Shepard, hello.

    As we are on the router-blocker topic, might I ask a question here? I have a new Dlink DIR 615 and doing some RTFM, yes, I did, I seem to understand that this AP remembers the URL that you want to connect to and then blocks off any other URL inbound save that one.

    Do you think that this is possible or am I misreading? There is so much to read in this manual that I have not been able to find the text again to quote it, I will when I do.

    A nice evening to you. JP.

  8. #8
    WS Lounge VIP
    JP, that is correct. All firewalls worth their salt work like that - it's called "stateful".

    cheers, Paul

  9. #9
    Super Moderator Deadeye81
    Hi JP,

    As Paul said, all firewalls worth their salt work that way. Any firewall that does not do stateful packet inspection should be avoided. It is interesting that Apple's Airport Extreme router, which advertises many great features and benefits, apparently does not use stateful packet inspection in its firewall. I was shocked to say the least. In my opinion, a so called firewall without SPI is no firewall.
    Deadeye81

    "We make a living by what we get, we make a life by what we give." Sir Winston Churchill

  10. #10
    Silver Lounger
    Good morning and thanks, PT, for the link to "stateful", good reading.

    To Ted also now, I was under the impression that an AP would be the only IP seen on the WEB and thus was sort of a "gate" that would not be open. Seems to me that stateful is much better. It is my first understanding of what this new Dlink can do, a DIR 615.

    To further protect the LAN-WAN here, it was very easy to only allow the four laptops here access to the AP. I do not have it encrypted, to me this is just as good a protection. Is it? The outgoing packets can surely be intercepted but the populace here in the boonies are beyond it all. I once saw a Blackberry that had logged into this new AP, I "revoked" it and then got the "only allow" setup done. There are some tourists milling about.

    Your knowledge being tapped is appreciated. JP.

    Edit: tourists.

  11. #11
    WS Lounge VIP
    1. Use WPA, preferably WPA2. If you don't use encryption all your data, including passwords, are sent in clear text and bad guys can read your data and use your wireless to attack your system.
    2. Don't bother to limit MAC addresses - they are very easy to spoof. Same for turning off the SSID - waste of time.

    cheers, Paul

  12. #12
    Silver Lounger
    Hello Paul. You wrote:

    If you don't use encryption all your data, including passwords, are sent in clear text and bad guys can read your data

    Ah! This is what my one-track mind forgot, outgoing can be read. It is not a real problem here as I am lost in some boonies. Back home in Montreal, things are different and there the AP is on WPA. Thanks for reminding me of the philosophy behind all this.

    I watch the connected IPs daily and so far I only saw one, a Blackberry. They cannot connect again but as you mention, as all is in the clear, they can read all that is being sent. I will keep this in mind. There are now 7 users allowed on this AP, all kin.

    A gorgeous day to you. JP.

  13. #13
    5 Star Lounger
    Originally posted by Jean Parrot:
    Hello Paul. You wrote:

    If you don't use encryption all your data, including passwords, are sent in clear text and bad guys can read your data

    Ah! This is what my one-track mind forgot, outgoing can be read. It is not a real problem here as I am lost in some boonies. Back home in Montreal, things are different and there the AP is on WPA. Thanks for reminding me of the philosophy behind all this.

    I watch the connected IPs daily and so far I only saw one, a Blackberry. They cannot connect again but as you mention, as all is in the clear, they can read all that is being sent. I will keep this in mind. There are now 7 users allowed on this AP, all kin.

    A gorgeous day to you. JP.

    If you are unencrypted it is easy to watch your traffic and find the MAC you are using. The hacker would then know the allowed MAC address, can spoof it and log in at will without you ever knowing it, as he is using a "trusted" MAC as far as you can see. The simplest solution is to just use WPA2 and forget the filtering as PT has said.

  14. #14
    Silver Lounger
    Mercy, hello.

    I agree with your note:

    >>> If you are unencrypted it is easy to watch your traffic and find the mac you are using. The hacker would then know the allowed mac address, can spoof it and log in at will without you ever knowing it as he is using a "trusted" mac as far as you can see. The simplest solution is to just use WPA2 and forget the filtering as PT has said.

    As I mentioned before, the boonies are my safeguard, here anyway. I am so far from civilization that it is no sweat here, nobody closer than 1000', I have had 1 intrusion and when on the keyboard, I can watch the street (street???) for road warriors. I thank you for your input too, the more the merrier. At home, I do have WPA set up, thanks.

    So far, I have only set up the "allowed access" for us seven users. So far so good.

    Have a great evening, I am going to sleep, martinis are ready. JP.

  15. #15
    5 Star Lounger
    I also am in the boonies with a 1/4 mile lane off of a dirt road. The closest neighbor is about 3/4 mile away and the next closest is 1 1/2 miles. I run my access totally open. If you need to check your e-mail come on down and park in my drive. (this far out in the sticks we have an open invitation to anyone that comes by to stop in for coffee... )

    I also manage wireless networks for Health facilities where security is very tight to say the least...
