Smart Firewall query

Hello Community

Regarding the Smart Firewall General Rules 

1) If I remove the check from Allow Specific Outbound ICMP ... Might that be similar to my router ICMP ping block.

2) I find Specific, Protocol in all the General Rules.   Does that just mean the specific default protocol for the General Rule.

&

3) Is Stateful Protocol Filter similar to SPI ~ Stateful Packet Inspection.

 

Thnx

Hello delphinium

Always a privilege to visit with you

Thnx for # 3 ...Makes sense. 

I was curious about # 1 because my router Firewall log is always empty.

My router vendor asserts that ICMP ping block ... offers a heightened level of security preventing hackers from seeing me.  &  That's why my Firewall log is always empty.  (If I had remote management On or DMZ On, then my FW log may log some events)

quote: >> Computer hackers use what is known as "Pinging" to find potential victims on the Internet. By pinging a specific IP address and receiving a response from the IP address, a hacker can determine that something of interest might be there. The Router can be set up so it will not respond to an ICMP Ping from the outside. This heightens the level of security of your Router. <<

Norton Security History > Intrusion Attempts > Severity ~ has been only Info since install of router.

I was curious about # 1 & 2 because when I cmd prmt ping / tracert.   Smart Firewall automatically creates a rule for IP Ping Command & IP Traceroute Command.  Program Control lists the Auto Command. 

 

 


Hello bjm_

 

Ping and tracert are part of Windows actually, so if you use that, it would need a rule to be created. They are in System32 I believe.

 

Edited to fix g to b. Sorry about that bjm, my darn eyes.

 


floplot wrote:

Hello bjm_

Ping and tracert are part of Windows actually, so if you use that, it would need a rule to be created. They are in System32 I believe.


 

Aha!  Yes, I do see sys32 path in Program Control.   So, my activity in Windows prompts Smart Firewall to create program controls based upon Smart Firewall General Rules Defaults.     Lite Bulb moment !   :smileywink:

It's funny how I simply trust Norton to always do the right thing.  That, until I pick at it....

I don't really appreciate what's going on under the hood.  

Thnx

edit addition

Now, if I can confirm my router FW log is always empty because of router ICMP Ping Block ?

&  my # 1) If I remove the check from Allow Specific Outbound ICMP.

Might that be similar to my router ICMP ping block.  

McAfee has an ICMP Ping Block option (my neighbors have McAfee as the local provider offers it for free).   Curious as to how Smart Firewall handles ICMP ping attempts ?

Hi bjm:

 

You always ask very hard questions.  :smileytongue:  You do bring up an interesting point in that I had an older computer with a protected wireless connection through my 2-Wire router.  It never had a single entry under firewall activities either. I just assumed that since I had chosen maximum protection for this machine in the router settings, that nothing was being noted.  That should not be correct, as even the outgoing, firewall access should be noted in there somewhere, one would think.

 

More info on ping

 

http://en.wikipedia.org/wiki/Ping

 

Click the "Settings" button for the "ICMP" section. Uncheck the box titled "Allow incoming echo request" and click "OK". This will stop your PC from answering remote ping requests. If the box is already unchecked, you are already blocking ICMP traffic. If you have Microsoft File and Print Sharing enabled on your PC, you will be unable to uncheck this box.

Many antivirus software suites also contain Internet firewalls. Typically, these firewalls will block all unsolicited incoming traffic by default, including ping requests. Check your particular software package's instructions to see how to configure the firewall to disable ICMP.

If you use a router to connect to the Internet, you may be able to set the router to block ICMP traffic. Some router manufacturers, such as Belkin, make this as easy as checking an option titled "Block ICMP requests," while others require you to do advanced network configuration. Contact your router manufacturer for details on how to use your router to block ICMP.

 

I noticed in my firewall rules this morning, as a result of your thread, that there are numerous ICMP blocks and allows.  It might be as easy as getting the most appropriate one and moving the "Block Rule" to the top of the list.  ICMP does do some useful things as well, so you might be better to configure the router rather than trying to figure out which rule to change.  The rules seem to be much more complex in 2011 than in previous versions.

Hi bjm_,

 

I'm not exactly clear on what you are trying to do.  The router controls all traffic coming in, so if it is dropping ping requests your PC will never get any packets that will cause it to respond no matter what your software firewall rules allow or block. 

 

I assume that only the router's inbound log is empty and that the outbound log is showing entries?  I know this is normal in the Linksys WRT54G.  It will not log any inbound connections unless you enable the DMZ.  For security, unless you need to do so you should not enable either the DMZ or Remote Management.

bjm_, the Default Allow Specific Outbound ICMP rule allows your computer to send ICMP packets. This rule is installed by default with all installations. This rule primarily allows you to run programs like ping and tracert successfully. There are other rules that block certain Inbound ICMP communication, essentially blocking other machines from pinging your system. Since it sounds like you have a NAT router, your machine probably won't see any of these unless you tried it from some other system that is connected to that router.
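
An added illustration, not part of any post in this thread and not Norton's or Belkin's code: a simplified Python model of the two layers described in the replies above, showing which layer decides the fate of a ping in each direction. The addresses, class names and verdict strings are assumptions made for the example.

```python
from dataclasses import dataclass, field

ECHO_REPLY, ECHO_REQUEST = 0, 8          # ICMP type numbers
PC, LAN_PEER, REMOTE = "192.168.2.10", "192.168.2.11", "203.0.113.5"  # constructed

@dataclass
class Router:                            # simplified NAT router model (assumption)
    block_wan_ping: bool = True          # the "Block ICMP requests" checkbox
    dmz: bool = False                    # forward unsolicited WAN traffic to the PC
    pending: set = field(default_factory=set)   # echo requests seen leaving the LAN

    def outbound(self, dst, ident):
        self.pending.add((dst, ident))   # remember state so the reply can return

    def inbound(self, src, icmp_type, ident):
        if icmp_type == ECHO_REPLY:      # stateful check: only solicited replies pass
            return "forward" if (src, ident) in self.pending else "drop"
        if self.block_wan_ping:
            return "drop"
        return "forward" if self.dmz else "router answers"

@dataclass
class HostFirewall:                      # simplified software firewall (assumption)
    allow_outbound_icmp: bool = True     # "Allow Specific Outbound ICMP" checked
    inbound_seen: list = field(default_factory=list)  # what actually reached the PC

    def inbound(self, src, icmp_type):
        self.inbound_seen.append((src, icmp_type))
        return icmp_type == ECHO_REPLY   # replies accepted, inbound pings blocked

def ping_out(fw, router, dst=REMOTE, ident=1):
    """The PC pings a remote host. True if the echo reply gets back to the PC."""
    if not fw.allow_outbound_icmp:
        return False                     # request never leaves the PC
    router.outbound(dst, ident)
    verdict = router.inbound(dst, ECHO_REPLY, ident)
    return verdict == "forward" and fw.inbound(dst, ECHO_REPLY)

def ping_from_wan(fw, router, src=REMOTE):
    """An Internet host pings the public address. Returns the layer that decided."""
    verdict = router.inbound(src, ECHO_REQUEST, ident=7)
    if verdict != "forward":
        return "router: " + verdict
    return "pc: answered" if fw.inbound(src, ECHO_REQUEST) else "pc firewall: drop"

def ping_from_lan(fw, src=LAN_PEER):
    """A machine on the same LAN pings the PC; the router's WAN filter is not involved."""
    return "pc: answered" if fw.inbound(src, ECHO_REQUEST) else "pc firewall: drop"
```

In this model the outbound rule only affects whether the PC's own ping and tracert work, while an inbound ping from the Internet is decided at the router before the software firewall sees anything.
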

Hello delphinium et al

Well, what a co-incadink.

I have a Belkin and yes, I have ICMP Ping Blocked and yes, it was as easy as checking an option titled "Block ICMP requests".

I still envisioned some FW events would find their way into the router FW log....but, alas :smileysad: my log is sans events.

After running the maze yesterday with Lv1 Belkin support.  I reached a senior tech that calmly assertively assured me that Belkin FW log is empty simply because I have blocked ICMP requests.  I may see a FW event if I allowed remote access or DMZ.  Since there is nothing of any real consequence for the FW log as Hackers do not see me and the Belkin System log posts ACK and WAN sends/receives.  Date & Time updates checks and logins. etc. 

Belkin "Block ICMP requests" just handles all the Bad ICMP attacks.  It's a good thing my Belkin FW log is empty.

You may recall (a few months back) I was prompted to get behind an inexpensive basic router.  I ran out and got behind a basic router.  The Belkin is Basic.  I took the prompting literally.  :smileyhappy:

Since hardware ICMP ping block is so effective... I was just curious how Norton handles ICMP pings. ?

Maybe, with all those Intrusion Attempts that I do surely do not miss. 

So, Belkin on day one was configured and Smart Firewall remains as always at default and no more Intrusion Attempts. 

 

Much thanks to the Community

 


bjm_ wrote:

I reached a senior tech that calmly assertively assured me that Belkin FW log is empty simply because I have blocked ICMP requests.  Intrusion Attempts. 


The tech was referring to settings in the router.  Basically, as long as you are behind a router your Norton Firewall will have nothing to do as far as inbound traffic is concerned.  Norton will still check outbound connections to make sure they are legitimate.

 

Now, how the heck do I choose which post to mark-up Accept as Solution

Geez, these collaborative solutions are impossible to point to just one...

I need Accept All as Solution

                         :smileyvery-happy:

 


SendOfJive wrote:

Hi bjm_,

I assume that only the router's inbound log is empty and that the outbound log is showing entries? 


 

Hi SendOfJive,

Just noticed I missed your comment re inbound / outbound.  Belkin Basic N150 has a Security Log File .  Belkin's Log File has two parts ~ System Log & Firewall Log.  System Log shows entries.   Firewall Log shows nada. 

DMZ and Remote Management are not enabled.  So, that would explain why no inbound entries. 

And no outbound entries is explained by ICMP Ping Block enabled.  

So, that explains why Firewall Log shows nada.

I may have lost some 'grey matter' in the 60's.  So, ...may take me awhile but, I get there eventually. 

Thnx for all your help.

bjm_