Customers With Disabilities
  • RESIDENTIAL
  • BUSINESS

    Verizon Business Sites

  • WIRELESS
Reply
Contributor
6chars
Posts: 3
Registered: ‎03-31-2009
0 Kudos
Accepted Solution

How to block pings with new Westell 7500?

My previous Westell 7500 (A90-750015-07) died so Verizon sent me a new one.  With the previous modem selecting Medium or High for the firewall would drop pings, now even selecting High won't drop pings.  Any idea whether this is possible?

 

Another difference is that selecting "Custom Rules" for the firewall actually does something now (it didn't with the old modem).  But I'm not sure how to configure this page and I don't see any control over whether a packet is dropped/rejected/etc.

 

 

MVP
dslr595148
Posts: 5,377
Registered: ‎09-24-2008
0 Kudos

Re: How to block pings with new Westell 7500?

[ Edited ]
While I do not know the answer, to your question. and while I know that are not not ping-able.

News flash:.

Just because you are not ping-able, does not mean you are really hidden!

#1 Ever hear of trace route?

For example...



TraceRoute to 151.197.*.* [pool-151-197-*-*.phil.east.verizon.net]
Hop (ms) (ms) (ms) IP Address Host name
1 16 14 13 72.249.134.177 -
2 15 7 12 206.123.64.22 -
3 8 11 8 216.52.189.9 border4.te4-4.colo4dallas-4.ext1.dal.pnap.net
4 8 6 7 216.52.191.38 core1.tge5-1-bbnet1.ext1.dal.pnap.net
5 9 6 6 208.51.41.57 ae0.411.ar1.dal2.gblx.net
6 7 8 9 64.215.195.46 uunet-1.ar2.dal2.gblx.net
7 11 11 13 152.63.103.77 0.so-6-1-0.xt4.dfw9.alter.net
8 9 10 8 152.63.0.110 0.so-5-3-0.dfw01-bb-rtr2.verizon-gni.net
9 21 12 9 130.81.17.66 so-1-0-0-0.bb-rtr1.dfw01.verizon-gni.net
10 50 49 50 130.81.17.40 so-11-0-0-0.res-bb-rtr1-re1.17.81.130.in-addr.arpa
11 57 54 52 130.81.17.2 so-8-0-0-0.bb-rtr1.phil.verizon-gni.net
12 Timed out Timed out Timed out -
13 Timed out Timed out Timed out -
14 Timed out Timed out Destination network unreachable -
15 Timed out Timed out Timed out -

Trace aborted..

 



That came from http://network-tools.com/, entered in a public IP, selected express, and pressed submit.

#2 Hate to break it to but must servers have logs and if you connect to any of these servers, your public IP will be there.

#3 If you ever send e-mail / post messages on a news server, in the headers is your IP Address.
Message Edited by dslr595148 on 04-01-2009 05:21 PM

If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.


 

Platinum Contributor I
prisaz
Posts: 6,811
Registered: ‎08-23-2008

Re: How to block pings with new Westell 7500?

[ Edited ]

6chars wrote:

My previous Westell 7500 (A90-750015-07) died so Verizon sent me a new one.  With the previous modem selecting Medium or High for the firewall would drop pings, now even selecting High won't drop pings.  Any idea whether this is possible?

 

Another difference is that selecting "Custom Rules" for the firewall actually does something now (it didn't with the old modem).  But I'm not sure how to configure this page and I don't see any control over whether a packet is dropped/rejected/etc.

 

 


 

Under Firewall Settings on the side bar where it says Remote Administration. Remove the check mark from respond to incoming ICMP requests. It is last on the page for Remote Administration. Why there?

 

Also I have found the Ident port 113 responds on some routers with no way to disable it. So I have forwarded it to an IP address that is not in my DHCP address distribution list, and an IP that is not used. This causes the router to dead end you might say, and it will not respond if nothing is at that IP.

 

While it is true that you will not be invisable to sites or routers that you pass through. I do believe it is good if your system does not respond to port scans.

 

If you look at your profile on this forum you will also see on the left where it shows the browser header that is sent with every query by your web browser. So when you visit web sites, you send more then you think with your browser. It is shown under your statistics.

Message Edited by prisaz on 04-01-2009 05:47 PM
Contributor
6chars
Posts: 3
Registered: ‎03-31-2009
0 Kudos

Re: How to block pings with new Westell 7500?

@dslr- I've been running traceroute for about 25 years.  Thanks though.  In those rare cases I want ip address anonymity I use tor.

 

@prisaz- alas, there isn't a box for me under Remote Administration.  Maybe we're running different firmware :smileysad:  I'd rather not have to buy my own modem but it looks like I may have to...

Platinum Contributor I
prisaz
Posts: 6,811
Registered: ‎08-23-2008

Re: How to block pings with new Westell 7500?

[ Edited ]

6chars wrote:

@dslr- I've been running traceroute for about 25 years.  Thanks though.  In those rare cases I want ip address anonymity I use tor.

 

@prisaz- alas, there isn't a box for me under Remote Administration.  Maybe we're running different firmware :smileysad:  I'd rather not have to buy my own modem but it looks like I may have to...


 

Sorry. I thought I was in the FIOS forum. I have looked through the manual for the 7500 and it states that when the firewall settings are on medium, ping or ICMP responses should be disabled. If the DSL modem is not new or refurbished it could be someone had done something with the default settings to make it not do this. Or if there is a separate DSL modem and this device is being used as a router, the DSL modem could be responding. I would try to go into the "Advanced Menu" and do a "Restore Defaults". You would need to reconfigure your connection once you do this.

 

Here is where I found information for your device. The user manual can be found here. 

http://www22.verizon.com/ResidentialHelp/HighSpeed/General+Support/User+Guides/User+Guides.htm

Message Edited by prisaz on 04-03-2009 07:46 AM
Contributor
6chars
Posts: 3
Registered: ‎03-31-2009
0 Kudos

Re: How to block pings with new Westell 7500?


prisaz wrote:  

Sorry. I thought I was in the FIOS forum. I have looked through the manual for the 7500 and it states that when the firewall settings are on medium, ping or ICMP responses should be disabled. If the DSL modem is not new or refurbished it could be someone had done something with the default settings to make it not do this. Or if there is a separate DSL modem and this device is being used as a router, the DSL modem could be responding. I would try to go into the "Advanced Menu" and do a "Restore Defaults". You would need to reconfigure your connection once you do this.

 

Here is where I found information for your device. The user manual can be found here. 

http://www22.verizon.com/ResidentialHelp/HighSpeed/General+Support/User+Guides/User+Guides.htm

Message Edited by prisaz on 04-03-2009 07:46 AM

Thanks for looking up the manual!  I think their manaul is slightly outdated.  The firewall section looks like my old Westell 327W in that it allowed a script for custom rules.  But my old 7500 didn't allow adding any custom rules and my new 7500 has a totally different (and very crude) page for custom rules.

 

With the old 7500 using medium for the firewall settings did block inbound pings- just like the manual says- and that's what I used.  It doesn't seem to block pings for the new 7500.  It's possible that "Restore Defaults" would change something but the modem should be new.

 

Anyway, I just tried adding a custom rule and it seems to be blocking the inbound pings.  The page is very crude as mentioned.  It seems you can add a rule but not remove one- and there's no way to see which rules you've added!  If you did want to start over, I assume you'd have to restore to factory defaults.

 

In case it helps someone else- this is the rule I added:

 

Protocol: [ICMP Type] [0]

Source Address: [leave ip address blank] [leave subnet blank]

Destination Address:  [leave ip address blank] [leave subnet blank]

Mode: [No Log]

Direction: [Inbound]

 

Account & Services

  • Pay Bill
  • Add/Change Services
  • Manage My Rewards+
  • Renew Your Contract
  • Manage Services
  • Visual 411

Email, News & TV

  • Check Email
  • Announcements

Support Tools