NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Respond to Internet ICMP (Ping) Set on 2.5.1.8?
Just for a lark, I tried Gibson's "SheldsUP!" test against my Orbi running 2.5.1.8 and discovered that it responds to Internet ICMP (Ping) requests. https://www.grc.com/x/ne.dll?bh0bkyd2 (This may explain some of the DoS attempts that my Orbi keeps logging.)
I distinctly remember that I always keep this option "unchecked" except when doing an experiment here and there. And, I always uncheck it after the experiment. Now, the option is "checked" but "grayed out", which means that I cannot change it. Oh, fudge! Fortunately, I remembered that some nice forum member provided me a way to "uncheck" it with telnet:
config set wan_endis_rspToPing=0
If it's not too much bother, it would be interesting to hear how other Orbi's with 2.5.1.8 are set up.
- Is Respond to internet Ping checked or not?
- Is it grayed out or not?
(Or, some kind person could point out what stupid thing I did to change this from unchecked to checked and grayed out.)
Thanks
4 Replies
Well, now I have gone from puzzled to cranky. After "fixing" Respond to Ping, the option is now unchecked, but (a) is still grayed out, and (b) Gibson still reports that my Orbi responds to ICMP (Ping). Disconnected my cell phone from Orbi (to LTE) and I can ping the Orbi from my cell phone. I'm not trying to create World Peace here. I just want my Orbi to stop responding to Pings from the internet. Damn.
CrimpOn, I am also running v2.5.1.8 and respond to ping is unchecked. Yet if I ping my WAN IP address it answers a ping. I checked it and repeated the test, still answers ping. Uncheck again and it still answers ping. These pings are not logged in the routers logs, but yes, this can contribute to more DDOS attempts.
Do you have Dynamic DNS enabled? I disabled DDNS, but pings are still being answered even though it should not be answering them. The config value shows it is disabled.
root@RBR50:/# config show | grep -i ping
wan_endis_rspToPing=0
ookla_averageping=0If I enable it in the web GUI, then wan_endis_rspToPing=1 as it should.
So then I wondered if my cable modem is answering the ping, not the router. So I unplugged the cable between my modem and router and run a ping from my cell phone on LTE and my WAN IP still answers. Therefore the modem is answering this ping, not the router. I logged into my modem and the settings are configured by my ISP, nothing that I can set to disable it from answering a ping. I may have to contact them to have them disable answering ping on the modem, or if that is even supported.
tomschmidt wrote:Do you have Dynamic DNS enabled? I disabled DDNS, but pings are still being answered even though it should not be answering them. The config value shows it is disabled.
I do have DDNS enabled. For a test, I disabled it and the "Respond" box remains grayed out.
So then I wondered if my cable modem is answering the ping, not the router. So I unplugged the cable between my modem and router and run a ping from my cell phone on LTE and my WAN IP still answers.
With everybody "sheltering", I will have to plan a time to unplug the Orbi to make this test.
As an alternate test, I did a debug capture and had ShieldsUP! scan my IP. The WAN capture file clearly shows the ping come in and a ping response go back. The capture file says the response is from my IP adddress and has the MAC address of my Orbi WAN port.
The capture file has a lot of traffic from dynupdate.no-ip.com, but none of these packets are ICMP.
Thanks for the thoughtful response.
