Menu
Reply
  • 12.78K
  • 1.62K
  • 3.78K
Superuser
Superuser
438 Views
Message 11 of 17
Flag for a moderator

Re: Block ICMP requests


ravenstar68 wrote:

What hub are you using Shelke?


My ex-trial hub 3

______
Any opinions expressed by myself are entirely my own and do not represent Virgin Media in any way.
0 Kudos
Reply
  • 2
  • 0
  • 0
moosery
Joining in
409 Views
Message 12 of 17
Flag for a moderator

Re: Block ICMP requests

Received a SH3 yesterday - it also responds to PING according to grc and the link posted above. No settings available in the firewall for me either.

This is simply unacceptable to leave like this - I haven't had a router do this since, well, ever actually. I can't use the SH3 if this can't be turned off. 

Needs to be fixed fast, especially since the router offers other not so bright things like UPNP on by default. 

 

0 Kudos
Reply
  • 13.89K
  • 742
  • 4.86K
Superuser
Superuser
395 Views
Message 13 of 17
Flag for a moderator

Re: Block ICMP requests


moosery wrote:

Received a SH3 yesterday - it also responds to PING according to grc and the link posted above. No settings available in the firewall for me either.

This is simply unacceptable to leave like this - I haven't had a router do this since, well, ever actually. I can't use the SH3 if this can't be turned off. 

Needs to be fixed fast, especially since the router offers other not so bright things like UPNP on by default. 

 


UPnP is a useful feature - the only time it becomes an issue is when a router or device on the LAN responds to SSDP requests from the internet at large.

If you leave UPnP on and try the Shields up UPnP test the Hub 3 tests negative for UPnP exposure to the internet.

Ravenstar68

________________________________________


Only use Helpful answer if your problems been solved.

0 Kudos
Reply
  • 2
  • 0
  • 0
moosery
Joining in
384 Views
Message 14 of 17
Flag for a moderator

Re: Block ICMP requests


ravenstar68 wrote:

moosery wrote:

Received a SH3 yesterday - it also responds to PING according to grc and the link posted above. No settings available in the firewall for me either.

This is simply unacceptable to leave like this - I haven't had a router do this since, well, ever actually. I can't use the SH3 if this can't be turned off. 

Needs to be fixed fast, especially since the router offers other not so bright things like UPNP on by default. 

 


UPnP is a useful feature - the only time it becomes an issue is when a router or device on the LAN responds to SSDP requests from the internet at large.

If you leave UPnP on and try the Shields up UPnP test the Hub 3 tests negative for UPnP exposure to the internet.

Ravenstar68


 

Indeed - but if it were off by default on new routers, the IoT problem would pretty much not be a thing. 

Responding to PING and having uPnP on combine to make the perfect storm for someone with a baby monitor they haven't bothered to install properly.

 

But all that's off topic a bit - I'll be happy if they just fix the problem at hand? I really don't want to have to go back to modem mode again?! 

0 Kudos
Reply
  • 12.78K
  • 1.62K
  • 3.78K
Superuser
Superuser
380 Views
Message 15 of 17
Flag for a moderator

Re: Block ICMP requests

That IOT stuff is a mess, esp. given how it is like the wild west policy and security wise.

Too many people connect their new IOT device and do nothing more. Say for example a CCTV IOT device, they think it will allow them to secure their home by seeing what is going on when they need to.

The reality: they put it online with default known ports, default username and password, default remote admin on+default remote admin&password that is publicly known.

The end result? They created a way anyone on the Internet can monitor that home and in some cases, burglars use it to case out a home. When they check the webcam to see it is empty and get a sense of when it is generally empty. They clear out the house hard. They also contribute to DDOS.

It's worse that someone having a public facebook profile with their home address and then posting "I'm going on vacation for (duration.)" Which the Internet reads as "Come rob my house please, I beg you, I am desperate to be robbed."

______
Any opinions expressed by myself are entirely my own and do not represent Virgin Media in any way.
0 Kudos
Reply
  • 17
  • 0
  • 1
cooky560
Tuning in
347 Views
Message 16 of 17
Flag for a moderator

Re: Block ICMP requests

So in short, this security bug remains at large, guess I'll be spending money on a proper router then, get this sorted virgin

0 Kudos
Reply
  • 106
  • 0
  • 8
Tay
On our wavelength
44 Views
Message 17 of 17
Flag for a moderator

Re: Block ICMP requests

I can confirm nearly a year later the router still has the same ICMP responses with no way to shut it off. 

This is fairly rudimentary security that should be  on all systems.

 

It's annoying having to replace the router as this is one of the few that allows me to move my 5ghz wireless up into the high channels, my 5ghz wifi is currently sitting on channel 100.

 

 

0 Kudos
Reply