Superuser
Message 11 of 20

Re: Block ICMP requests


@ravenstar68 wrote:

What hub are you using Shelke?


My ex-trial hub 3

moosery
Joining in
Message 12 of 20

Re: Block ICMP requests

Received a SH3 yesterday - it also responds to PING according to grc and the link posted above. No settings available in the firewall for me either.

This is simply unacceptable to leave like this - I haven't had a router do this since, well, ever actually. I can't use the SH3 if this can't be turned off. 

Needs to be fixed fast, especially since the router offers other not so bright things like UPNP on by default. 

 

Superuser
Message 13 of 20

Re: Block ICMP requests


@moosery wrote:

Received a SH3 yesterday - it also responds to PING according to grc and the link posted above. No settings available in the firewall for me either.

This is simply unacceptable to leave like this - I haven't had a router do this since, well, ever actually. I can't use the SH3 if this can't be turned off. 

Needs to be fixed fast, especially since the router offers other not so bright things like UPNP on by default. 

 


UPnP is a useful feature - the only time it becomes an issue is when a router or device on the LAN responds to SSDP requests from the internet at large.

If you leave UPnP on and try the Shields up UPnP test the Hub 3 tests negative for UPnP exposure to the internet.

Ravenstar68

________________________________________


Only use Helpful answer if your problem's been solved.

moosery
Joining in
Message 14 of 20

Re: Block ICMP requests


@ravenstar68 wrote:

@moosery wrote:

Received a SH3 yesterday - it also responds to PING according to grc and the link posted above. No settings available in the firewall for me either.

This is simply unacceptable to leave like this - I haven't had a router do this since, well, ever actually. I can't use the SH3 if this can't be turned off. 

Needs to be fixed fast, especially since the router offers other not so bright things like UPNP on by default. 

 


UPnP is a useful feature - the only time it becomes an issue is when a router or device on the LAN responds to SSDP requests from the internet at large.

If you leave UPnP on and try the Shields up UPnP test the Hub 3 tests negative for UPnP exposure to the internet.

Ravenstar68


 

Indeed - but if it were off by default on new routers, the IoT problem would pretty much not be a thing. 

Responding to PING and having UPnP on combine to make the perfect storm for someone with a baby monitor they haven't bothered to install properly.

 

But all that's off topic a bit - I'll be happy if they just fix the problem at hand? I really don't want to have to go back to modem mode again?! 

Superuser
Message 15 of 20

Re: Block ICMP requests

That IOT stuff is a mess, esp. given how it is like the wild west policy and security wise.

Too many people connect their new IOT device and do nothing more. Say for example a CCTV IOT device, they think it will allow them to secure their home by seeing what is going on when they need to.

The reality: they put it online with default known ports, default username and password, default remote admin on + default remote admin & password that is publicly known.

The end result? They created a way anyone on the Internet can monitor that home and in some cases, burglars use it to case out a home. When they check the webcam to see it is empty and get a sense of when it is generally empty, they clear out the house hard. They also contribute to DDOS.

It's worse than someone having a public Facebook profile with their home address and then posting "I'm going on vacation for (duration.)" Which the Internet reads as "Come rob my house please, I beg you, I am desperate to be robbed."

cooky560
Tuning in
Message 16 of 20

Re: Block ICMP requests

So in short, this security bug remains at large. Guess I'll be spending money on a proper router then. Get this sorted, Virgin.

Tay
On our wavelength
Message 17 of 20

Re: Block ICMP requests

I can confirm nearly a year later the router still has the same ICMP responses with no way to shut it off. 

This is fairly rudimentary security that should be on all systems.

 

It's annoying having to replace the router as this is one of the few that allows me to move my 5GHz wireless up into the high channels; my 5GHz wifi is currently sitting on channel 100.

 

 

munrobasher
Dialled in
Message 18 of 20

Re: Block ICMP requests

And 10 months later, ping is still enabled:

https://i.imgur.com/9F4Fvmx.png
LeeGPS
Joining in
Message 19 of 20

Re: Block ICMP requests

Hi,

Did we ever get an answer on this? Just got the same result from my Superhub 3 on Shieldsup.

Superuser
Message 20 of 20

Re: Block ICMP requests

If Virgin Media haven't changed it by now - do you honestly think that they will do so in the future?

FWIW - I'm actually with you in that Virgin Media should be adding the facility to turn it off if users wish to. However I will say that security by obscurity is a bad principle. Indeed most hackers are looking for exposed services they can exploit.

Do you honestly not think that hackers would not and in fact have not already changed their tactics in response to the increasing use of ICMP echo hiding?

Shadowserver (a non-profit organisation who scans the internet looking for exploits) uses other exploits to identify vulnerable computers such as mDNS or NTP queries. The only difference between groups like Shadowserver and other hackers is that Shadowserver notifies ISPs of their findings who can then alert the users concerned.

TLDR version.

Having ICMP Echo response hidden has limited to no security value. Indeed if you do a little digging you'll find that those who deal with internet security do not hold Steve Gibson (who runs GRC) in high regard.

Tim

Disclaimer: I do not work for Virgin Media. The opinions expressed above are solely my own and should not be taken to be indicative of Virgin Media's opinions.

________________________________________


Only use Helpful answer if your problem's been solved.