Ping test from a testing site like Gibson's?

If the machine is sitting behind a NAT router is the ping test valid?

I thought that the router under normal circumstances is the device that will react to the ICMP traffic, and no machine behind the router will react to the ICMP traffic.

When a router or FW appliance has the ability to set rules to stop ICMP traffic, just what is happening? Is the device just not responding or what? What is the device doing?

The reason I am asking is I got someone that's asking does he have to set the personal FW to block ICMP traffic behind the NAT router, because of this Gibson's ping test.

Mr. Arnold

Most routers have an option to block WAN requests (ICMP). Depends on what is selected. Furthermore, when you request a test from sites like GRC, it typically pings/tests the WAN IP, not the LAN IP of the computer you are logged in from. If it's only pinging the WAN IP, that means it's attempting access to the router and has nothing to do with any firewall you might be running on your computer. Now if you are not behind a router and directly connected to the modem, then a test would attempt connection to your computer's IP and the OS or any personal firewall would affect results.

Jbob

After doing some further research on the problem, I too found out that the router is being pinged on its WAN IP and is the device that is reacting, and a computer running the ping test is not a valid test when it is behind the router. I told the person to take the computer out from behind the router and connect it to the modem and then see if he could set rules with the PFW to block ping traffic.

Thanks

Mr. Arnold

Agreed. Any outside site, GRC or a hacker's, has no idea of the internal (192.168.0.xxx) address of the actual computer, and therefore cannot possibly ping it. The exception is if the firewall specifically allows 'pass through' traffic such as DMZ, but in this case, the WAN ping is 'translated' to a LAN ping, and back when responded to.

Ping tests are valid (and often useful) inside your LAN, so I always allow the computers here to respond to them.

This is one (of many) valid reasons to have a router/firewall device when you have only one computer using the internet.

Stuart

Stuart Miller
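
The cases discussed in this thread (plain NAT, WAN ping blocked, DMZ pass-through, PC connected straight to the modem) can be put side by side in a small model. This is an added example, not code from any poster or router vendor; the class names, the sample addresses, and the assumptions that a blocked ping is dropped silently and that a DMZ setting takes precedence over the router's own WAN ping setting are all illustrative.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Host:
    ip: str
    firewall_blocks_echo: bool = False

    def handle_echo(self, dst_ip: str) -> Optional[str]:
        # The host only sees packets actually delivered to its own address.
        if dst_ip != self.ip or self.firewall_blocks_echo:
            return None          # assumed silent drop: the tester sees a timeout
        return "host"

@dataclass
class NatRouter:
    wan_ip: str
    block_wan_ping: bool = False
    dmz_host: Optional[Host] = None   # LAN host that receives unsolicited WAN traffic

    def handle_echo(self, dst_ip: str) -> Optional[str]:
        if dst_ip != self.wan_ip:
            return None          # a 192.168.x.x address is not reachable from outside
        if self.dmz_host is not None:
            # Destination is rewritten to the LAN address; the reply is rewritten back.
            return self.dmz_host.handle_echo(self.dmz_host.ip)
        # No mapping exists for an unsolicited packet: the router's own stack handles it.
        return None if self.block_wan_ping else "router"

WAN, LAN = "203.0.113.7", "192.168.0.10"   # constructed sample addresses

def scenarios() -> dict:
    """Who answers an outside tester's echo request in each setup (None = no reply)."""
    pc_open, pc_fw = Host(LAN), Host(LAN, firewall_blocks_echo=True)
    return {
        "nat, ping WAN ip": NatRouter(WAN).handle_echo(WAN),
        "nat, ping LAN ip": NatRouter(WAN).handle_echo(LAN),
        "nat, WAN ping blocked": NatRouter(WAN, block_wan_ping=True).handle_echo(WAN),
        "dmz, pc firewall off": NatRouter(WAN, dmz_host=pc_open).handle_echo(WAN),
        "dmz, pc firewall on": NatRouter(WAN, dmz_host=pc_fw).handle_echo(WAN),
        "direct to modem, firewall off": Host(WAN).handle_echo(WAN),
        "direct to modem, firewall on": Host(WAN, firewall_blocks_echo=True).handle_echo(WAN),
    }

if __name__ == "__main__":
    for name, responder in scenarios().items():
        print(f"{name:32} -> {responder or 'no reply (timeout)'}")
```

Only in the DMZ and direct-to-modem rows does the personal firewall setting change what the outside tester sees.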
