Is it possible to block pings ?

General discussions about Little Snitch
Post Reply
In2Ndo
Posts: 6
Joined: Sun Sep 06, 2009 5:32 pm

Is it possible to block pings ?

Post by In2Ndo » Thu Oct 11, 2012 11:16 pm

Hello,

Just upgraded to LS 3 and was wondering if is possible to block all Ping (ICMP Echo) requests? I want to be able to pass this test https://www.grc.com/x/ne.dll?bh0bkyd2

I'm running Lion 10.7.5



Thank you

Stuart
Rank 2
Rank 2
Posts: 40
Joined: Tue Feb 01, 2011 3:02 pm

Re: Is it possible to block pings ?

Post by Stuart » Fri Oct 12, 2012 11:40 am

I have enabled "Stealth Mode" in the OS X built-in firewall (which I left enabled and had that confirmed as the recommended route here). So Stealth Mode enabled and no ICMP blocks in LS3 and I pass the "All Ports" test (i.e. all "stealth" (green).

So whilst I do not know enough to make recommendations about your own system security, if passing the test is your concern, built-in OS X incoming firewall in Stealth Mode should help (at least it does for my system). But it might depend on what applications you have running which have open ports awaiting connect requests.

When I asked here, the responses were basically that LS3 is an application centric firewall whereas OS X built-in firewall is more system centric.

Stuart

In2Ndo
Posts: 6
Joined: Sun Sep 06, 2009 5:32 pm

Re: Is it possible to block pings ?

Post by In2Ndo » Sat Oct 13, 2012 3:05 am

Thanks for the reply Stuart. I also have the firewall on stealth. I also pass the port test with all green. but If you scroll down on that test result page. it will say that you failed the test with this message
"Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation"
I was hopping that LS3 would help with that. because I knew that OSX's firewall doesn't. and that makes it not really stealth.. If your computer is responding to the ping. it is acknowledging that is there. and the idea of stealth is to appear to not be there.
I've been playing with Mac's since around 2000 or with the first ver. of OSX. got tired of windows. the GRC test was set up by a guy that invented the firewall ZoneAlarm to show Microsoft all the weakness of windows.
With the raising of hacking that is going on. I don't want to wait until hackers decide to make Mac's a main target. since I do everything online. Hopefully LS3 will get an updated that will do this. or OSX.

hagen
Wizard
Wizard
Posts: 594
Joined: Mon Feb 18, 2008 11:05 pm

Re: Is it possible to block pings ?

Post by hagen » Sat Oct 13, 2012 3:01 pm

I can pass the GRC test on OSX 10.6.8 Snow Leopard, with either LS 2 or 3. So the OSX firewall *is* blocking Ping.

-snip-
"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests)."

My OSX firewall is set to "Block all incoming connections" and "Enable stealth mode".

Apple says it should work with Lion too https://support.apple.com/kb/PH4275 , but as Stuart says you might have (need) other applications listening.

It should be possible to block Ping with LS 3, I think. What happens if you disable the default rules for ICMP, and build your own set of rules?

Stuart
Rank 2
Rank 2
Posts: 40
Joined: Tue Feb 01, 2011 3:02 pm

Re: Is it possible to block pings ?

Post by Stuart » Sun Oct 14, 2012 11:41 am

hagen wrote:-snip-
"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests)."

My OSX firewall is set to "Block all incoming connections" and "Enable stealth mode".


I ran my test again and got the same.
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

(Running Lion 10.7.5)
Stuart

In2Ndo
Posts: 6
Joined: Sun Sep 06, 2009 5:32 pm

Re: Is it possible to block pings ?

Post by In2Ndo » Tue Oct 16, 2012 9:28 pm

Thanks for the reply Hagen and Stuart. I have the same exact settings. I had to do a clean install of the OS because my HD died. Now I have a SSD. So no much software running on the system. I'm running Mozy back up, Sophos AV and LS3... Those would be the only ones that would constantly be using the Internet connection.
Are you guys running a router other than apple ? I use an Apple TM.

Stuart
Rank 2
Rank 2
Posts: 40
Joined: Tue Feb 01, 2011 3:02 pm

Re: Is it possible to block pings ?

Post by Stuart » Wed Oct 17, 2012 2:59 pm

In2Ndo wrote:I use an Apple TM.


Using non-Apple router but that is NOT the block as, if I ping Mac with LS3 from another computer within my LAN (i.e. not touching the ADSL router) then it the Mac is still unresponsive. If I ping e.g. a Windows computer with no ping-blocker (rarely switched on) then the ping works (gets a response) so it is not the network architecture either ('cos Mac/LS3 don't respond to local pings whereas other local computers without ping blocking do respond).

Stuart

Post Reply