How can I stop my computer from sending a Ping reply for security reasons?

Shaul October 13, 2011

I made a security check at SHIELDSUP and my computer failed in the following point:

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since “Ping” is among the oldest and most common methods used to locate systems prior to further exploitation.

How I can close my ping response?
Using Windows 7 32-bit.

  1. James Bruce
    October 17, 2011 at 3:10 pm

    Or you could just not bother, because being able to ping a computer represents absolutely zero security risk…  and any changes you make are quite likely to mess up other apps on your system. Next thing you know, you'll be back here asking why your online games suddenly dont work anymore!

    • Jeff Fabish
      October 17, 2011 at 7:22 pm

      Not entirely true. On arbitrary host scanning (such as war driving), a host that responds to a ECHO Request is then a target. This is only a single example. If you have a wireless connection, you're pretty much a target regardless (presuming it's detected from the street). 

      Take for instance the skiddies who learn to use Cain and Abel, then perform a ping on an IP Address range near theres, if you're system doesn't respond then your dead to them. 

      I've had my firewall blocking ICMP echo reply & request and the only problem I've run into is with using Hamachi. It's more or less security through obscurity, which isn't security at all. To be honest, it's not likely to stop a determined hacker with any competence. 

  2. Jeff Fabish
    October 13, 2011 at 8:29 pm

    Install a Firewall

    In Comodo Firewall, open up the interface and go to the "Firewall" tab, then "Network Security Policy" and then the "Global Rules" tab. "Add" a new rule with this configuration:

    Action: Block
    Protocol: ICMP
    Direction: In/Out
    Description: Block ICMP Echo Replies

    Leave "source" and "destination" address at "any address". Then go to the "ICMP Details" tab.

    Message: ICMP Echo Reply

    Then select "Apply". You can buff up your security a little bit more by going to "Stealth Ports Wizard" and select "Block all incoming connections and make my ports stealth for everyone".

    • Mjevolve
      October 13, 2011 at 8:43 pm

      Hello Jeff ,

      well , stealthing your ports is a good thing ,
      but it can cause network / connectivity problems in apps like the uTorrent or any other which are using the P2P protocol , where access to a port is required for establishing a connection and inturn enjoy the good speeds or seamless data transfer .

      so stealthing in these cases can cause a problem .

      i used to use Comodo ,
      and i think the second option ( dont remember what .. ) , works good enough ...  :)

      hope it makes sense ....

      • Jeff Fabish
        October 13, 2011 at 8:46 pm


        My configuration is to block all incoming connections and yet my P2P software works fine. If you have allowed your P2P application through, the "white list" takes precedence over the "black list". What I mean is, if you allow something in (such as uTorrent) yet at the same time have a rule that would have otherwise blocked it, the application (and associated connections) will be allowed on a "benefit of the doubt" paradigm. The same is true for most firewalls.

  3. Mjevolve
    October 13, 2011 at 8:01 pm

    do this ---

    go to
    Control Panel / Windows firewall > Advanced settings (on left side) > Inbound rules > New rule (on right side) :
    go to Custom Rules and select like the following steps -
    set "all programs" > protocol "ICMPv4" > ICMP settings click Customize
    button and choose "specific ICMP types > echo request. >> Choose "block"  

    it should be stealthed now ....

    hope it helps ..

    tell if you need more help ...

    • Mjevolve
      October 13, 2011 at 8:50 pm

      the steps i outlined are for manual setup of the rule ...

      i also think ,
      that if you change the Firewall Profile/Mode from Home to Public ,
      the computer will be auto matically set up into a high secure zone .
      and it will block ICMP and other such requests by default ...  :)

      • Mjevolve
        October 17, 2011 at 2:26 pm

        guest = Mjevolve

Ads by Google