User comments on ISPs
  >> PlusNet plc


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User goatty2
(member) Fri 29-Jul-16 17:02:29
Print Post

service blocked


[link to this post]
 
have this on my router logs about every hour

[DHCP IP: (192.168.0.0)] to MAC address :::::, Friday, Jul 29,2016 14:58:29
[Service blocked: ICMP_echo_req] from source 198.20.99.130, Friday, Jul 29,2016 14:51:39
anyone know whats causing this
Standard User RobertoS
(elder) Fri 29-Jul-16 17:12:08
Print Post

Re: service blocked


[re: goatty2] [link to this post]
 
I don't know if this helps frown.

Have you got pings enabled or disabled on your router?

Kindness isn't going to cure the world of all its awfulness but it's a good place to begin. Daisy Ridley.
My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 57791/14021kbps @ 600m. - BQM
Standard User jchamier
(eat-sleep-adslguide) Fri 29-Jul-16 17:25:09
Print Post

Re: service blocked


[re: goatty2] [link to this post]
 
In reply to a post by goatty2:
[DHCP IP: (192.168.0.0)] to MAC address :::::, Friday, Jul 29,2016 14:58:29
[Service blocked: ICMP_echo_req] from source 198.20.99.130, Friday, Jul 29,2016 14:51:39
anyone know whats causing this


An infected machine on an ISP in the USA, probably has a botnet agent on it. Its trying to ping your IP (probably along with a few hundred thousand) and your router is logging the fact it did not reply.

This is about as interesting as dead flies on your windscreen when driving down the motorway. Ignore it or disable the logging about not responding to ICMP echo packets (ping).

viz: https://en.wikipedia.org/wiki/Internet_background_noise

Separately if your router lets you (BT home hubs do not) then you might find that allowing your router to be pingable from the internet means you get better streaming performance. Many router vendors turn off ping response (ICMP echo) in a mistaken belief this improves security, which it does not.

plusnet unlimited fibre 80/20 since 2 Jun 14 / Sync 6th Nov: 58,280/10,784 kbps with G.INP
16 years UK broadband (Since 1999 ntl:cable trial), Asus RT-AC68U & HG612 - BQM - Flash Speedtest - HTML Speedtest


Register (or login) on our website and you will not see this ad.

Standard User goatty2
(member) Fri 29-Jul-16 17:50:32
Print Post

Re: service blocked


[re: RobertoS] [link to this post]
 
pings are disabled
Standard User RobertoS
(elder) Fri 29-Jul-16 18:28:15
Print Post

Re: service blocked


[re: goatty2] [link to this post]
 
No problem then smile.

Kindness isn't going to cure the world of all its awfulness but it's a good place to begin. Daisy Ridley.
My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 57791/14021kbps @ 600m. - BQM
Standard User Vorlon
(fountain of knowledge) Fri 29-Jul-16 23:42:55
Print Post

Re: service blocked


[re: goatty2] [link to this post]
 
If you haven't looked already, I've always found Steve Gibson's site useful. A quick overview of your Modem/router security can be tested by his website GRC.com. There are various tools, but "Shields Up" is quite a good starting point.
https://www.grc.com/intro.htm
Standard User ukhardy07
(knowledge is power) Sat 30-Jul-16 01:03:12
Print Post

Re: service blocked


[re: jchamier] [link to this post]
 
in a mistaken belief this improves security, which it does not.


Care to elaborate? I can think of many reasons why it is a good security measure to have it disabled...

I have seen ICMP being used as a tunnel for a remote shell plenty of times. Network admins just see the traffic as harmless ping and ignore it.
Standard User goatty2
(member) Sat 30-Jul-16 10:28:07
Print Post

Re: service blocked


[re: Vorlon] [link to this post]
 
just done the tests on grc.com and my computer is in stealth mode and has very good security
Standard User jchamier
(eat-sleep-adslguide) Sat 30-Jul-16 12:09:07
Print Post

Re: service blocked


[re: ukhardy07] [link to this post]
 
In reply to a post by ukhardy07:
Care to elaborate? I can think of many reasons why it is a good security measure to have it disabled...

Search path-mtu discovery for more.

I have seen ICMP being used as a tunnel for a remote shell plenty of times. Network admins just see the traffic as harmless ping and ignore it.

I didn't say allow ICMP (echo) through your firewall, just respond to an echo from the external interface. Blocking echo responses does not stop malicious people finding your device. Just look at nmap for two minutes, you can SYN scan a subnet in a few minutes and find all the hosts that are connected even when they don't respond to ICMP ECHO packets.

ICMP ECHO is extremely useful for diagnostics, not least the thinkbroadband BQM

plusnet unlimited fibre 80/20 since 2 Jun 14 / Sync 6th Nov: 58,280/10,784 kbps with G.INP
16 years UK broadband (Since 1999 ntl:cable trial), Asus RT-AC68U & HG612 - BQM - Flash Speedtest - HTML Speedtest
  Print Thread

Jump to