This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
and all ports come green (Stealth), however it fails the test because of the following:
"Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."
Is there any way to fix this so to make the router completely stealth? Thanks
> [...] the ISP has placed another router between mine and the internet. > [...]
_Someone_ has. It could be your ISP; it could be your building management. I would expect an address like "192.168.0.x" to come from some (small-scale) local router, not from an ISP.
> [...] First time I see this.
It may not be the last. Especially if you don't deal directly with an ISP. (Or if your ISP uses CGN.)
> [...] my Nighthawk was set in AP Mode. [...]
You could go back to that kid of arrangement, but there are disadvantages that way, too. For example, your devices would then be on the same LAN subnet as those of any other user who also uses that same invisible router which is somewhere beyond your wall, Potentially, everyone in the building.
Thanks for your reply. I had that option greyed out since my Nighthawk was set in AP Mode. So I factory reset the router, set it in Router Mode, and the option you mentioned was made available. As you can see from screenshot the "Respond to Ping on Internet Port" is disabled, but the ShieldsUP! test still gives the same results, namely:
"Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."
Any other setting that might be affecting this? Thanks
What do you mean by "in front of my router"? My router is connected directly to the internet (wired) and my PC is connected to the router wired too (I don't use wireless).
> What do you mean by "in front of my router"? [...]
Probably: Between your router and your (unspecified) ISP.
To what, exactly, is the WAN/Internet port of your router connected? (Hint: "The wall" is not a very informative answer.)
> [...] My router is connected directly to the internet (wired) [...]
"The Internet" is more complicated than you realize. Likelier than not, you're connecting your R7800 to some other router, and _that_ router responds to Ping (ICMP Echo) requests.
What is/are the IP address(es) of the R7800?
> [...] This is highly recommended since "Ping" is among the oldest and > most common methods used to locate systems prior to further > exploitation."
Rather dubious advice, I'd say. I doubt that disabling the "ping" response from the (invisible) router in your environment (of which you're unaware) would have much of an effect on your exposure to malefactors on the (actual) Internet. Relax.
There is a network cable from the ISP coming out of the wall which is directly connected to my Nighthawk, so in my apartment there is no other router other than mine. There could be a router in the building from which all apartments are fed, I have no idea about that, but will find out. When posting this issue I assumed that the ISP cable connected to my router is a peer to peer connection to my ISP with no router in between.
> [...] that the ISP cable connected to my router is a peer to peer > connection to my ISP with no router in between.
I'd guess not. Especially if anything worked when the R7800 was configured as a wireless access point. (And you're not a peer of your ISP, you're a client.)
> What is/are the IP address(es) of the R7800?
An answer to that might provide additional clues. The ADVANCED > ADVANCED Home page on the management web site ("routerlogin.net", ...) should provide the basic data.
You're right. the fact that the Nighthawk configured in AP Mode was able to supply an internet connection to my devices sounds as if there's another router somewhere between me and the ISP. The Advanced homepage shows 192.168.1.1 as the Router's IP address which of course is not the same as the WAN IP
> [...] The Advanced homepage shows 192.168.1.1 as the Router's IP > address which of course is not the same as the WAN IP
When configured as a router, the R7800 will have two IP addresses. Its default LAN IP address is "192.168.1.1". The critical datum is its WAN/Internet IP address. If that's some other private address, then you've confirmed that that interface is connected to some other router somewhere.
How can I check the Nighthawk's WAN/Internet IP address? The Advanced Homepage only shows the Router's IP Address which is the one I mentioned (192.168.1.1). If I open my PC's browser and go to https://whatismyipaddress.com/ it shows a Public address. Is that the Nighthawk's WAN IP?
How can I check the Nighthawk's WAN/Internet IP address? The Advanced Homepage only shows the Router's IP Address which is the one I mentioned (192.168.1.1).
Wherever the effective public IP address is associated - on some ISP router, on some Carrier Grade NAT router, ...
The Advanced Homepage does certainly show the Internet Port widget (or table section) aside of the Router Information, isn't it?
> [...] The Advanced Homepage only shows the Router's IP Address [...]
Look more closely? I'd expect it to subtly tucked away under ADVANCED > ADVANCED Home : Router Information : IP Address, but, if not, then I'd try ADVANCED > Setup > Internet Setup : Internet IP Address.
> [...] If I open my PC's browser and go to > https://whatismyipaddress.com/ it shows a Public address. Is that the > Nighthawk's WAN IP?
It should be, unless there's another (NAT) router between your R7800 and the outside world. If those addresses differ, then there is.
Nowadays, with IPv4 address space getting exhausted, more ISPs are using "Carrier-grade NAT", especially for residential customers (who, presumably, are not running servers, and wouldn't notice).
> Hm, there is typically the "Get dynamically from ISP" 8-/
On my D7000[v1] (V1.0.1.74_1.0.1), "Get Dynamically from ISP" is selected, but the correct "Internet IP Address" is shown in the boxes. I don't have an R7800, so I know nothing, but that's what "I'd try". (Which was phrased that way for a reason.) I'm always open to enlightenment. Does the R7800 _not_ show the "Internet IP Address" there?
Yes the Advanced Homepage widget only shows the Router's IP Address (Private, 192.168.1.1). If I go to Advanced/Setup/Internet Setup, the Internet Address is set to "Get Dynamically from ISP"
Ok. As I read that, the router's LAN IP address is the default, "192.168.1.1", and its WAN/Internet IP address is "192.168.0.115", which is a (another) private address, presumably assigned by the (other) router which is somewhere beyond your wall.
Presumably, what you got from whatismyipaddress.com was _not_ "192.168.0.115". The implications of that difference have been covered already.
Yes, the Router's WAN IP address does not coincide with the actual public IP, so then the ISP has placed another router between mine and the internet. First time I see this.
> [...] the ISP has placed another router between mine and the internet. > [...]
_Someone_ has. It could be your ISP; it could be your building management. I would expect an address like "192.168.0.x" to come from some (small-scale) local router, not from an ISP.
> [...] First time I see this.
It may not be the last. Especially if you don't deal directly with an ISP. (Or if your ISP uses CGN.)
> [...] my Nighthawk was set in AP Mode. [...]
You could go back to that kid of arrangement, but there are disadvantages that way, too. For example, your devices would then be on the same LAN subnet as those of any other user who also uses that same invisible router which is somewhere beyond your wall, Potentially, everyone in the building.
So just to understand the issue originally posted, the ping replied being reported in the ShieldsUP! test is done so by the "invisible" router, not my Nighthawk, right?
> [...] the ping replied being reported in the ShieldsUP! test is done > so by the "invisible" router, not my Nighthawk, right?
I assume so. If it's testing your public address, then it's talking to the router which has that (WAN/Internet) address, not to your router (which has a private (WAN/Internet) address ("192.168.0.115"), making it inaccessible directly).
