×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

Re: Respond to Internet ICMP (Ping) Set on 2.5.1.8?

CrimpOn
Guru Guru
Guru
‎2020-03-16 11:02 PM
‎2020-03-16 11:02 PM

Respond to Internet ICMP (Ping) Set on 2.5.1.8?

Just for a lark, I tried Gibson's "SheldsUP!" test against my Orbi running 2.5.1.8 and discovered that it responds to Internet ICMP (Ping) requests. https://www.grc.com/x/ne.dll?bh0bkyd2 (This may explain some of the DoS attempts that my Orbi keeps logging.)

 

I distinctly remember that I always keep this option "unchecked" except when doing an experiment here and there.  And, I always uncheck it after the experiment.  Now, the option is "checked" but "grayed out", which means that I cannot change it.  Oh, fudge!  Fortunately, I remembered that some nice forum member provided me a way to "uncheck" it with telnet: 

    config set wan_endis_rspToPing=0

 

If it's not too much bother, it would be interesting to hear how other Orbi's with 2.5.1.8 are set up.

  • Is Respond to internet Ping checked or not?
  • Is it grayed out or not?

(Or, some kind person could point out what stupid thing I did to change this from unchecked to checked and grayed out.)

 

Thanks

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 5
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2020-03-16 11:11 PM
‎2020-03-16 11:11 PM

Re: Respond to Internet ICMP (Ping) Set on 2.5.1.8?

Well, now I have gone from puzzled to cranky.  After "fixing" Respond to Ping, the option is now unchecked, but (a) is still grayed out, and (b) Gibson still reports that my Orbi responds to ICMP (Ping).  Disconnected my cell phone from Orbi (to LTE) and I can ping the Orbi from my cell phone.   I'm not trying to create World Peace here.  I just want my Orbi to stop responding to Pings from the internet.  Damn.

Message 2 of 5
0 Kudos
Reply
tomschmidt
Virtuoso
Virtuoso
‎2020-03-17 06:51 AM
‎2020-03-17 06:51 AM

Re: Respond to Internet ICMP (Ping) Set on 2.5.1.8?

@CrimpOn, I am also running v2.5.1.8 and respond to ping is unchecked.  Yet if I ping my WAN IP address it answers a ping.  I checked it and repeated the test, still answers ping.  Uncheck again and it still answers ping.  These pings are not logged in the routers logs, but yes, this can contribute to more DDOS attempts.

 

Do you have Dynamic DNS enabled?  I disabled DDNS, but pings are still being answered even though it should not be answering them.  The config value shows it is disabled.

 

root@RBR50:/# config show | grep -i ping
wan_endis_rspToPing=0
ookla_averageping=0

 

If I enable it in the web GUI, then wan_endis_rspToPing=1 as it should.

 

So then I wondered if my cable modem is answering the ping, not the router.  So I unplugged the cable between my modem and router and run a ping from my cell phone on LTE and my WAN IP still answers.  Therefore the modem is answering this ping, not the router.  I logged into my modem and the settings are configured by my ISP, nothing that I can set to disable it from answering a ping.  I may have to contact them to have them disable answering ping on the modem, or if that is even supported.

Model: RBK53|Orbi AC3000 Tri-band WiFi System
Message 3 of 5
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2020-03-17 09:14 AM
‎2020-03-17 09:14 AM

Re: Respond to Internet ICMP (Ping) Set on 2.5.1.8?

@tomschmidt wrote:

Do you have Dynamic DNS enabled?  I disabled DDNS, but pings are still being answered even though it should not be answering them.  The config value shows it is disabled.

I do have DDNS enabled.  For a test, I disabled it and the "Respond" box remains grayed out.

 

So then I wondered if my cable modem is answering the ping, not the router.  So I unplugged the cable between my modem and router and run a ping from my cell phone on LTE and my WAN IP still answers.

With everybody "sheltering", I will have to plan a time to unplug the Orbi to make this test.

As an alternate test, I did a debug capture and had ShieldsUP! scan my IP.  The WAN capture file clearly shows the ping come in and a ping response go back.  The capture file says the response is from my IP adddress and has the MAC address of my Orbi WAN port.

 

The capture file has a lot of traffic from dynupdate.no-ip.com, but none of these packets are ICMP.

 

Thanks for the thoughtful response.

Message 4 of 5
0 Kudos
Reply
bkeith4web
Guide
Guide
‎2020-09-04 06:18 PM
‎2020-09-04 06:18 PM

Re: Respond to Internet ICMP (Ping) Set on 2.5.1.8?

@CrimpOnI was working on my OpenVPN today on a RBR40 with the latest firmware (2.5.1.16 I think) and ran into a weird respond to ping issue.  I know about enabling the VPN resetting the 'respond to ping' config switch and how to set it with telnet.  But even when set to zero, GRC shields up (and my own internet ping from my phone) still showed an internet ping response.  I unplugged the router from my (comcast) cable modem based on this thread to see if was the router or the cable modem responding.  The ping response stopped, so it was the Orbi router.  Plugged it back in and voila, still no ping response (like it should have been all along).

 

The Orbi re-acquired the same IP address from comcast as it had before (they do a pass-through so my router actually gets an IP address from Comcast DHCP server, not from my cable modem which is owned by me, not leased/rented) but no longer responded to pings from the internet.  I didn't make any changes on the Orbi, just unplugged and re-plugged the wan ethernet cable.

 

I don't understand why this would be, and don't know if I got a new DHCP lease from comcast or was re-assigned the old one, but that's what happened.  Maybe another data point that might be helpful for you.  Good luck with your trouble-shooting!

Message 5 of 5
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 4 replies
  • ‎2020-03-16 11:02 PM
  • 1677 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7