Disable Ping for Better Inernet Security?

[OVERKILL]

Originally Posted By: ZeeOSix
Originally Posted By: OVERKILL
It just means that nothing using UPNP inside your network is active, so there are no active mappings. Yes, you should disable it.


Should both the UPnP and UpnP NAT-T be disabled? Right now, both show as "Enabled" on my modem/router.

Will setting these to "Disable" cause any headaches down the road, like if I need to setup a wireless device (cell phone, smartTV, etc) up to use my modem/router?


Disable both. Since both are not doing anything presently, the odds of it breaking anything are pretty low.

 

[ZeeOSix]

Originally Posted By: OVERKILL
Originally Posted By: ZeeOSix
Originally Posted By: OVERKILL
It just means that nothing using UPNP inside your network is active, so there are no active mappings. Yes, you should disable it.

Should both the UPnP and UPnP NAT-T be disabled? Right now, both show as "Enabled" on my modem/router.

Will setting these to "Disable" cause any headaches down the road, like if I need to setup a wireless device (cell phone, smartTV, etc) up to use my modem/router?

Disable both. Since both are not doing anything presently, the odds of it breaking anything are pretty low.


Ok, just did that. When I disabled UPnP it also automatically disabled UPnP NAT-T. Sidenote: Looks like UPnP NAT-T can be disabled while leaving UPnP enabled if so desired/needed.

 

[OVERKILL]

Yeah, you don't desire or need it. uPnP is an awful thing.

 

[Quattro Pete]

Originally Posted By: OVERKILL
Yeah, you don't desire or need it. uPnP is an awful thing.

Don't some programs like Skype rely on uPnP to establish connections? Or will they work fine without it?

 

[OVERKILL]

Originally Posted By: Quattro Pete
Originally Posted By: OVERKILL
Yeah, you don't desire or need it. uPnP is an awful thing.

Don't some programs like Skype rely on uPnP to establish connections? Or will they work fine without it?


No. Some gaming consoles like to use it (XBox) but they will work fine with it disabled.

It was a solution designed for a "problem" that shouldn't exist and with a complete disregard for the potential security implications something that operated in that manner presented. It's like letting a bunch of people you don't know into your house and then trusting them not to open your windows or doors while potentially getting intoxicated or abusing illicit substances.

 

[Ducked]

Originally Posted By: OVERKILL

It's like letting a bunch of people you don't know into your house and then trusting them not to open your windows or doors while potentially getting intoxicated or abusing illicit substances.


You mean its like having a party? Sounds like fun when you put it that way.

 

[OVERKILL]

Originally Posted By: Ducked
Originally Posted By: OVERKILL

It's like letting a bunch of people you don't know into your house and then trusting them not to open your windows or doors while potentially getting intoxicated or abusing illicit substances.


You mean its like having a party? Sounds like fun when you put it that way.


Exactly like having a party. Then you wake up and somebody stole your TV, LOL

 

[alarmguy]

This was a great thread, much information.
As you know I disabled both pings.

But agree UPNP seems to be the golden goose based on you guys posts and some quick searches.
However I need to read up a bit more here is why.

I have A LOT of devices in my home. What if any will be affected?

Ruku players?

Ooma Home Telephone?

How about my wifes company CISCO VPN router that is plugged into the back of my TPLink router? (the TP link is where I would disable UPNP.

What about things like SKYPE?

The MAIN biggest concern is the wifes CISCO router which is plugged into the TPLink where I would disable UPNP.

The other would be OOMA.

(anyway was thinking of turning off UPNP and seeing what, if anything goes wrong, but will wait for the weekend IF I do, can not affort for my wifes system to go down, direct link to her company including phone network ect. (and most of all everything works perfect right now ) ... )

 

[OVERKILL]

Test it, but it shouldn't break anything. UPNP didn't become as popular as it was supposed to (thankfully).

If the Cisco device "calls out" for its handshake, it should work just fine. I have deployed 800-series ISR's as remote VPN clients that are programmed to use DHCP and call out to establish the tunnel over IPSec. It's basically the hardware equivalent to Cisco's EasyVPN IPSec software solution, and as such is perfect for deployments where the IP address cannot be fixed and so a dedicated site-to-site won't work.

 

[ZeeOSix]

alarmguy - I disabled my UPnP and tested my Roku, 2 smart TVs and my cell phone, and they all still work fine going wireless through my modem\router.

 

[alarmguy]

Originally Posted By: OVERKILL
Test it, but it shouldn't break anything. UPNP didn't become as popular as it was supposed to (thankfully).

If the Cisco device "calls out" for its handshake, it should work just fine. I have deployed 800-series ISR's as remote VPN clients that are programmed to use DHCP and call out to establish the tunnel over IPSec. It's basically the hardware equivalent to Cisco's EasyVPN IPSec software solution, and as such is perfect for deployments where the IP address cannot be fixed and so a dedicated site-to-site won't work.



Thanks, think Ill try it this weekend when my wife is not working. I think it will be fine too.

Also thanks for the feedback zeeosix.

This whole Internet stuff is out of control or should I say, the lack of concern by people that EVERY single move of their day, every single place they go to, every single thing of their life is "bookmarked" by a company that they think gives them "free services"
The most glaring example is google, where anyone with your google gmail address and password can go to any date in time, any moment in time and see where you were at that time (or better said your cell phone) and thats just the tip of the iceberg.

Some people would say what is the big deal, well, nothing, except the country was founded on personal freedoms/right to privacy which the world didnt know until the USA was born.
But most important, with this information, there are less then honest people who can and will use it to steal from you and other criminal acts which happens everyday now.

 

[Garak]

Originally Posted By: ZeeOSix
I did a test using "ShieldsUP" (thanks for the site suggestion Garak in my other thread) in the link below to check security status on the "Most Common and Troublesome Internet Ports".

You found the right site.

Originally Posted By: spackard
grc puts out some junk recommendations. This is one of them.

I wouldn't agree with this completely.

I'd call it a "dated" recommendation, and grc doesn't always get rid of dated recommendations. Some years back, I would have recommended one do this under certain circumstances, at least. However, most of these concerns are gone. Dynamic IPs that are changing constantly (i.e. dialup) aren't really the norm. The Ping of Doom or whatever it was called is history. And, people aren't pinging up and down an IP block these days to find valid IPs before doing other checks for nefarious purposes, since internet speed is sufficient and bandwidth isn't an issue.

 

[Quattro Pete]

Originally Posted By: OVERKILL
Originally Posted By: Quattro Pete
Originally Posted By: OVERKILL
Yeah, you don't desire or need it. uPnP is an awful thing.

Don't some programs like Skype rely on uPnP to establish connections? Or will they work fine without it?


No. Some gaming consoles like to use it (XBox) but they will work fine with it disabled.

It was a solution designed for a "problem" that shouldn't exist and with a complete disregard for the potential security implications something that operated in that manner presented. It's like letting a bunch of people you don't know into your house and then trusting them not to open your windows or doors while potentially getting intoxicated or abusing illicit substances.

Strangely, when I disabled UPnP on my router, my wife started complaining she can no longer print from her iPhone to our home network printer (HP). I re-enabled UPnP, and she was able to print again.

 

[OVERKILL]

Originally Posted By: Quattro Pete
Originally Posted By: OVERKILL
Originally Posted By: Quattro Pete
Originally Posted By: OVERKILL
Yeah, you don't desire or need it. uPnP is an awful thing.

Don't some programs like Skype rely on uPnP to establish connections? Or will they work fine without it?


No. Some gaming consoles like to use it (XBox) but they will work fine with it disabled.

It was a solution designed for a "problem" that shouldn't exist and with a complete disregard for the potential security implications something that operated in that manner presented. It's like letting a bunch of people you don't know into your house and then trusting them not to open your windows or doors while potentially getting intoxicated or abusing illicit substances.

Strangely, when I disabled UPnP on my router, my wife started complaining she can no longer print from her iPhone to our home network printer (HP). I re-enabled UPnP, and she was able to print again.



Then there is something goofy going on with your router, as the Apple services are entirely separate from UPnP.

 

[alarmguy]

Originally Posted By: ZeeOSix
alarmguy - I disabled my UPnP and tested my Roku, 2 smart TVs and my cell phone, and they all still work fine going wireless through my modem\router.


Thanks to this thread.
Disabled all options regarding "Ping" there were two of them.
Disabled UPnP

That was over a week ago, no bad side effects on our 16 or so connected devices (no gaming), no bad side effects on my wifes Cisco VPN work router/AVAYA phones that is plugged into our Archer C7 1750 home router.