Orbi WiFi 7 RBE973
Reply

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

perseid
Aspirant

R7800 ShieldsUP fails Stealth mode/Replies Ping

Hi all, I performed the ShieldsUP! test on all ports

and all ports come green (Stealth), however it fails the test because of the following:

 

"Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."

 

Is there any way to fix this so to make the router completely stealth? Thanks

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 1 of 25

Accepted Solutions
antinode
Guru

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

> [...] the ISP has placed another router between mine and the internet.
> [...]

 

   _Someone_ has.  It could be your ISP; it could be your building
management. I would expect an address like "192.168.0.x" to come from
some (small-scale) local router, not from an ISP.

 

> [...] First time I see this.

 

   It may not be the last.  Especially if you don't deal directly with
an ISP.  (Or if your ISP uses CGN.)

 


> [...] my Nighthawk was set in AP Mode. [...]

 

   You could go back to that kid of arrangement, but there are
disadvantages that way, too.  For example, your devices would then be on
the same LAN subnet as those of any other user who also uses that same
invisible router which is somewhere beyond your wall,  Potentially,
everyone in the building.

View solution in original post

Message 23 of 25

All Replies
microchip8
Master

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

Go to Advanced -> Setup -> WAN Setup and disable "respond to ping on internet port"

Message 2 of 25
perseid
Aspirant

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

Thanks for your reply. I had that option greyed out since my Nighthawk was set in AP Mode. So I factory reset the router, set it in Router Mode, and the option you mentioned was made available. As you can see from screenshot the "Respond to Ping on Internet Port" is disabled, but the ShieldsUP! test still gives the same results, namely:

 

"Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."

 

Any other setting that might be affecting this? Thanks

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 3 of 25

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

@perseid 

 

Whats in front of your Nighthawk?  Suggest you look at it. 

 

 

Message 4 of 25
perseid
Aspirant

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

What do you mean by "in front of my router"? My router is connected directly to the internet (wired) and my PC is connected to the router wired too (I don't use wireless).

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 5 of 25
antinode
Guru

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

> What do you mean by "in front of my router"? [...]

 

   Probably: Between your router and your (unspecified) ISP.

 

   To what, exactly, is the WAN/Internet port of your router connected?
(Hint: "The wall" is not a very informative answer.)

 

> [...] My router is connected directly to the internet (wired) [...]

 

   "The Internet" is more complicated than you realize.  Likelier than
not, you're connecting your R7800 to some other router, and _that_
router responds to Ping (ICMP Echo) requests.


   What is/are the IP address(es) of the R7800?

 

> [...] This is highly recommended since "Ping" is among the oldest and
> most common methods used to locate systems prior to further
> exploitation."


   Rather dubious advice, I'd say.  I doubt that disabling the "ping"
response from the (invisible) router in your environment (of which
you're unaware) would have much of an effect on your exposure to
malefactors on the (actual) Internet.  Relax.

Message 6 of 25
perseid
Aspirant

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

There is a network cable from the ISP coming out of the wall which is directly connected to my Nighthawk, so in my apartment there is no other router other than mine. There could be a router in the building from which all apartments are fed, I have no idea about that, but will find out. When posting this issue I assumed that the ISP cable connected to my router is a peer to peer connection to my ISP with no router in between.

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 7 of 25
antinode
Guru

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

> [...] I assumed [...]

 

   Always risky.

 

> [...] that the ISP cable connected to my router is a peer to peer
> connection to my ISP with no router in between.

 

   I'd guess not.  Especially if anything worked when the R7800 was
configured as a wireless access point.  (And you're not a peer of your
ISP, you're a client.)

 

>    What is/are the IP address(es) of the R7800?

 

   An answer to that might provide additional clues.  The ADVANCED >
ADVANCED Home page on the management web site ("routerlogin.net", ...)
should provide the basic data.

Message 8 of 25
perseid
Aspirant

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

You're right. the fact that the Nighthawk configured in AP Mode was able to supply an internet connection to my devices sounds as if there's another router somewhere between me and the ISP.  The Advanced homepage shows 192.168.1.1 as the Router's IP address which of course is not the same as the WAN IP

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 9 of 25
antinode
Guru

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

> [...] The Advanced homepage shows 192.168.1.1 as the Router's IP
> address which of course is not the same as the WAN IP

 

   When configured as a router, the R7800 will have two IP addresses.
Its default LAN IP address is "192.168.1.1".  The critical datum is its
WAN/Internet IP address.  If that's some other private address, then
you've confirmed that that interface is connected to some other router
somewhere.

Message 10 of 25
perseid
Aspirant

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

How can I check the Nighthawk's WAN/Internet IP address? The Advanced Homepage only shows the Router's IP Address which is the one I mentioned (192.168.1.1). If I open my PC's browser and go to https://whatismyipaddress.com/ it shows a Public address. Is that the Nighthawk's WAN IP?

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 11 of 25
schumaku
Guru

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping


@perseid wrote:

How can I check the Nighthawk's WAN/Internet IP address? The Advanced Homepage only shows the Router's IP Address which is the one I mentioned (192.168.1.1).


Wherever the effective public IP address is associated - on some ISP router, on some Carrier Grade NAT router, ...

 

The Advanced Homepage does certainly show the Internet Port widget (or table section) aside of the Router Information, isn't it?

Message 12 of 25
antinode
Guru

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

> [...] The Advanced Homepage only shows the Router's IP Address [...]

 

   Look more closely?  I'd expect it to subtly tucked away under
ADVANCED > ADVANCED Home : Router Information : IP Address, but, if not,
then I'd try ADVANCED > Setup > Internet Setup : Internet IP Address.

 

> [...] If I open my PC's browser and go to
> https://whatismyipaddress.com/ it shows a Public address. Is that the
> Nighthawk's WAN IP?

 

   It should be, unless there's another (NAT) router between your R7800
and the outside world.  If those addresses differ, then there is.

 

   Nowadays, with IPv4 address space getting exhausted, more ISPs are
using "Carrier-grade NAT", especially for residential customers (who,
presumably, are not running servers, and wouldn't notice).

 

      https://en.wikipedia.org/wiki/Carrier-grade_NAT

 

   So, even if there were no on-premises router behind your wall, you
could still get sandbagged by your ISP.  (But my money is still on the
building.)

Message 13 of 25
schumaku
Guru

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping


@antinode wrote:

... if not, then I'd try ADVANCED > Setup > Internet Setup : Internet IP Address.

Hm, there is typically the "Get dynamically from ISP" 8-/

Message 14 of 25
antinode
Guru

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

> Hm, there is typically the "Get dynamically from ISP" 8-/

 

   On my D7000[v1] (V1.0.1.74_1.0.1), "Get Dynamically from ISP" is
selected, but the correct "Internet IP Address" is shown in the boxes.
I don't have an R7800, so I know nothing, but that's what "I'd try".
(Which was phrased that way for a reason.)  I'm always open to
enlightenment.  Does the R7800 _not_ show the "Internet IP Address"
there?

Message 15 of 25
schumaku
Guru

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping


@antinode wrote:

   On my D7000[v1] (V1.0.1.74_1.0.1), "Get Dynamically from ISP" is
selected, but the correct "Internet IP Address" is shown in the boxes.


Oh that's interesting - standardisation by Netgear. Have no NTGR router showing an IP address there 8-/

Message 16 of 25
perseid
Aspirant

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

Yes the Advanced Homepage widget only shows the Router's IP Address (Private, 192.168.1.1). If I go to Advanced/Setup/Internet Setup, the Internet Address is set to "Get Dynamically from ISP"

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 17 of 25
schumaku
Guru

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

Hard to imagine - provide a screenshot.

 

Here is for example an R9000:

R9000 Advanced Home.JPG

Message 18 of 25
microchip8
Master

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

Like @schumaku I also have on my R7800 the widget that displays WAN IPs (and DNS/DHCP servers)

Message 19 of 25
perseid
Aspirant

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

Here is a screenshot

 

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 20 of 25
antinode
Guru

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

> Here is a screenshot

 

   Ok.  As I read that, the router's LAN IP address is the default,
"192.168.1.1", and its WAN/Internet IP address is "192.168.0.115", which
is a (another) private address, presumably assigned by the (other)
router which is somewhere beyond your wall.

 

   Presumably, what you got from whatismyipaddress.com was _not_
"192.168.0.115".  The implications of that difference have been covered
already.

Message 21 of 25
perseid
Aspirant

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

Yes, the Router's WAN IP address does not coincide with the actual public IP, so then the ISP has placed another router between mine and the internet. First time I see this.

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 22 of 25
antinode
Guru

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

> [...] the ISP has placed another router between mine and the internet.
> [...]

 

   _Someone_ has.  It could be your ISP; it could be your building
management. I would expect an address like "192.168.0.x" to come from
some (small-scale) local router, not from an ISP.

 

> [...] First time I see this.

 

   It may not be the last.  Especially if you don't deal directly with
an ISP.  (Or if your ISP uses CGN.)

 


> [...] my Nighthawk was set in AP Mode. [...]

 

   You could go back to that kid of arrangement, but there are
disadvantages that way, too.  For example, your devices would then be on
the same LAN subnet as those of any other user who also uses that same
invisible router which is somewhere beyond your wall,  Potentially,
everyone in the building.

Message 23 of 25
perseid
Aspirant

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

So just to understand the issue originally posted, the ping replied being reported in the ShieldsUP! test is done so by the "invisible" router, not my Nighthawk, right?

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 24 of 25
antinode
Guru

Re: R7800 ShieldsUP fails Stealth mode/Replies Ping

> [...] the ping replied being reported in the ShieldsUP! test is done
> so by the "invisible" router, not my Nighthawk, right?

 

   I assume so.  If it's testing your public address, then it's talking
to the router which has that (WAN/Internet) address, not to your router
(which has a private (WAN/Internet) address ("192.168.0.115"), making it
inaccessible directly).

Message 25 of 25
Top Contributors
Discussion stats
  • 24 replies
  • 6812 views
  • 4 kudos
  • 5 in conversation
Announcements

Orbi WiFi 7