# ICMP Echo requests.



## drp (Aug 18, 2010)

> Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers.


Is there an easy way to do this, without changing your firewall configuration? I think I want to silently drop the requests. I'm trying for stealth and invisibility, and trying to pass the GRC Shields Up test, which is where the quote came from. I would like to do this without changing my firewall configuration. I use:

```
firewall_type="workstation"
firewall_enable="YES"
```
in rc.conf and unless it's very easy to do, I'd like to avoid changing my firewall configuration and just configure this elsewhere. I have no reason that I know of to do anything other than silently drop or ignore the requests. I'm using FreeBSD for my home desktop.


----------



## SirDice (Aug 18, 2010)

drp said:
			
		

> Is there an easy way to do this, without changing your firewall configuration?


No, you'll need to reconfigure your firewall.



> I think I want to silently drop the requests.


Why?



> I'm trying for stealth and invisibility, and trying to pass the GRC Shields Up test, which is where the quote came from.


Those tests don't say anything. There's no 'danger' in responding to a ping request. Being 'stealthy' is also very overrated, you can also never be 'invisible'. To be honest, tests like that are pretty useless.


----------



## anomie (Aug 18, 2010)

drp said:
			
		

> Is there an easy way to do this, without changing your firewall configuration? I think I want to silently drop the requests. I'm trying for stealth and invisibility, and trying to pass the GRC Shields Up test, which is where the quote came from.



The GRC gang provides a very good service (and for a long time now) with their port scanner, but I wish they wouldn't push this erroneous idea of "stealth," defined as refusing to reply to ICMP echo requests. 

There are plenty of ways to harden your system's networking stack (lots of which FreeBSD does by default) by turning off unnecessary and dangerous features, but ICMP echo reply to a direct request to your host is _not_ one of those.


----------



## aragon (Aug 19, 2010)

GRC have put out some useful software over the years, but also too much sensationalist, misleading, garbage information.  JMHO...


----------

