Block Ping Packets From WAN
Ping packets are part of the Internet Control Message Protocol (ICMP), which is used to send error messages and operational information indicating the status of a network. The primary role of ping in network communication is to test the reachability of a host on an IP network, measure round-trip time for messages sent from the originating host to a destination computer, and report errors and packet loss.
Importance of Blocking Ping Packets
Preventing Network Reconnaissance: Ping can be used to identify active devices on a network. By blocking ping packets, you make it harder for potential attackers to map out your network topology and identify targets.
Mitigating DDoS Attacks: ICMP packets, including ping, can be exploited for distributed denial-of-service (DDoS) attacks. By blocking or limiting these packets, you can reduce the risk of such attacks overwhelming your network.
Reducing Exposure: Blocking ping responses can help obscure the presence of network devices from external probes, adding a layer of security through obscurity.
Reducing Network Traffic: By blocking unnecessary ping requests, you can reduce the amount of extraneous traffic on your network, which can help improve overall network performance.
In conclusion, blocking ping packets from the WAN is very important for the security and performance of 4G routers.
Test the 4G router’s ability to block ping packets from WAN ports
Test environment
Router model: WIS901 4G router
Network Configuration:
• WAN port IP address: 192.168.225.95
• LAN port IP: 192.168.1.1
• The Ethernet port of PC1 is connected to the LAN port of the router through a network cable, and the IP address is: 192.168.1.11
Test procedure and results
1. Access the Router’s Configuration Interface
• PC1 browser enters the router management system address: 192.168.1.1 in the address bar to enter the login page.
• Log in with administrative credentials.
2. Configure the Router to Block ICMP Packets
• Navigate to the Firewall System Security section of the router’s interface.
• Find the setting option to block ping packets from the WAN.
• Enable or disable blocking of ping packets from the WAN.
3. Verify Configuration
• Save the changes to ensure the new settings are applied, and wait for the app configuration changes to complete.
4. Conduct a Ping Test from an External Network
• Use a device that is not connected to the router’s local network to send ping requests to the router’s public IP address.
• Use a command line tool or network utility to execute the ping command (e.g., ping ).
5、Document the Test Results
• Disable Block ping packets from the WAN, using devices that are not connected to the router’s local network to send ping requests to the router’s public IP address. As you can see, devices that aren’t connected to the router’s local network can ping the router’s public IP address.
• Enable Block ping packets from the WAN to send ping requests to the router’s public IP address using devices that are not connected to the router’s local network. As you can see, none of the 4 ping requests can be connected to the port, and devices that are not connected to the local network of the router cannot ping the public IP address of the router.
Conclusion
The test results show that the router successfully blocks ping requests from the WAN port. This can effectively prevent the external network from probing the internal network, and improve network security.
Summary
Blocking ping packets from WAN ports on 4G routers is a valuable security measure to help protect against network reconnaissance and certain types of denial-of-service attacks. With structured testing as described above, it can be ensured that the 4G router blocks ping packets from the WAN configuration is both secure and efficient.