What's new

Windows 8.1 - Disabling Ping

op00iuy

Member
Member
Hello everyone,
I am was reading about how DNS on local machines can actually help malware. So I wanted to disable DNS on my local machine completely. That is to say when I execute
Code:
ping www.google.com
from cmd.exe I should get the message could not resolve. How do I do this ? Now obviously I don't want to disable the "Request Timed Out" Message. Since I was reading that it leads to problems in the network. I want to disable DNS from ping completely without any unwanted side-effects to my network. How do I that ?
 

My Computer

System One

  • OS
    Windows 8.1
    CPU
    Intel i7

LMiller7

Active Member
Pro User
DNS can only be enabled or disabled on a global basis. You cannot choose to have DNS enabled but not allow ping to use it. DNS is an essential service for any computer that has Internet access.

Or have I misunderstood your question?
 

My Computer

System One

  • OS
    Windows 7
    Computer type
    PC/Desktop
    Country Flag
    Canada
    State/Region Flag
    ca saskatchewan

op00iuy

Member
Member
DNS can only be enabled or disabled on a global basis. You cannot choose to have DNS enabled but not allow ping to use it. DNS is an essential service for any computer that has Internet access.

Or have I misunderstood your question?

Are you saying that if I disable DNS I will lose Internet access ? I have seen PCs where you cant run ping but have access to the Internet. Isn't DNS done by the DNS servers I specify in my Internet configuration ? Why is there specific services for DNS in Windows then ?
 

My Computer

System One

  • OS
    Windows 8.1
    CPU
    Intel i7

LMiller7

Active Member
Pro User
Are you saying that if I disable DNS I will lose Internet access ?

For all practical purposes, yes.

But DNS and ping are 2 VERY different things.
I believe you can disable ping in the Windows firewall but unsure as to how. Is that what you are wanting to do?
 

My Computer

System One

  • OS
    Windows 7
    Computer type
    PC/Desktop
    Country Flag
    Canada
    State/Region Flag
    ca saskatchewan

pparks1

New Member
VIP Member
Guru
Hello everyone,
I am was reading about how DNS on local machines can actually help malware. So I wanted to disable DNS on my local machine completely. That is to say when I execute
Code:
ping www.google.com
from cmd.exe I should get the message could not resolve. How do I do this ? Now obviously I don't want to disable the "Request Timed Out" Message. Since I was reading that it leads to problems in the network. I want to disable DNS from ping completely without any unwanted side-effects to my network. How do I that ?

If you cannot resolve a DNS name, you will never be able to use the Internet again as your computer wouldn't be able to determine what www.eightforums.com would resolve to. There is no benefit to what you think you want to do.
 

My Computer

System One

  • OS
    Windows 7
    Name
    Patrick Parks
    System Manufacturer/Model
    Self-Built in July 2009
    CPU
    Intel Q9550 2.83Ghz OC'd to 3.40Ghz
    Motherboard
    Gigabyte GA-EP45-UD3R rev. 1.1, F12 BIOS
    Memory
    8GB G.Skill PI DDR2-800, 4-4-4-12 timings
    Graphics Card(s)
    EVGA 1280MB Nvidia GeForce GTX570
    Sound Card
    Realtek ALC899A 8 channel onboard audio
    Monitor(s) Displays
    23" Acer x233H
    Screen Resolution
    1920x1080
    Hard Drives
    Intel X25-M 80GB Gen 2 SSD
    Western Digital 1TB Caviar Black, 32MB cache. WD1001FALS
    PSU
    Corsair 620HX modular
    Occupation
    Systems Engineer.
    Case
    Antec P182
    Cooling
    stock
    Keyboard
    ABS M1 Mechanical
    Mouse
    Logitech G9 Laser Mouse
    Internet Speed
    15/2 cable modem
    Other Info
    Windows and Linux enthusiast. Logitech G35 Headset.
    Country Flag
    USA
    State/Region Flag
    us michigan

oneeyed

New Member
Pro User
Advanced Settings > Inbound Rules > New Rule > Custom > All Programs > Protocol Type : ICMPv4 + Customize > Specific > Echo Request > OK
Next > Any Ip or select appropriate ones > Block Connection > Apply to whatever domain you want > FinishRepeat this procedure with ICMPv6 if you're using it too.

If you have a hardware router this can usually be done via its settings too. On mine it takes a few clicks, much easier than Windows Firewall.

Ping can be used to check if your system is there basically. It can be used by malicious users of course, but as it is, it's only a harmless tool. Kind of like a thief calling your house to see if you're home. Not really a good reason to get rid of phones, is it ? (Yes I have Ping disabled on my own PCs, but I'm paranoid and I've accepted that)
 

My Computer

System One

  • OS
    Windows 8.1 (x64)
    Computer type
    PC/Desktop

op00iuy

Member
Member
Advanced Settings > Inbound Rules > New Rule > Custom > All Programs > Protocol Type : ICMPv4 + Customize > Specific > Echo Request > OK
Next > Any Ip or select appropriate ones > Block Connection > Apply to whatever domain you want > FinishRepeat this procedure with ICMPv6 if you're using it too.
Is the following rule that you have given here used for blocking someone who pings my computer from within my network ? Because After applying the rule I can still use ping to ping google.com and my local DNS. Also does blocking ping cause any adverse effects in the network ?
Ping can be used to check if your system is there basically. It can be used by malicious users of course, but as it is, it's only a harmless tool. Kind of like a thief calling your house to see if you're home. Not really a good reason to get rid of phones, is it ? (Yes I have Ping disabled on my own PCs, but I'm paranoid and I've accepted that)

You can never be too careful these days. Tell me something, in your opinion does blocking ping actually help ? I mean what are the types of malicious attacks can be done with the help of ping and how does blocking the inbound ping request stop them ?
 

My Computer

System One

  • OS
    Windows 8.1
    CPU
    Intel i7

LMiller7

Active Member
Pro User
Typically the firewall would not effect internal network activities. I believe that Windows firewall will normally only block incoming pings, not outgoing. Ping is a relatively minor security risk. Most systems have more serious problems.

Ping is a non essential function and can be disabled with no adverse effects. Many websites (including most operated by Microsoft) block incoming pings as a security measure. But security on a well known and highly used website and security on a home network are very different things.
 

My Computer

System One

  • OS
    Windows 7
    Computer type
    PC/Desktop
    Country Flag
    Canada
    State/Region Flag
    ca saskatchewan

mikeytg

New Member
Pro User
You can never be too careful these days. Tell me something, in your opinion does blocking ping actually help ? I mean what are the types of malicious attacks can be done with the help of ping and how does blocking the inbound ping request stop them ?

Ping is not a vulnerability in itself, but a response to a ping lets a potential attacker know that you are there and he can then bring all guns to bear on your IP address and let you have it with his arsenal of attacks.
 

My Computer

System One

  • OS
    Windows 8.1 consumer 64 bit
    Name
    Mikey
    Computer type
    Laptop
    System Manufacturer/Model
    Acer Aspire M5 481PT-6644
    CPU
    Intel Core I5
    Memory
    6 GB
    Hard Drives
    Spinning/SSD hybrid 500GB/20GB
    Occupation
    Slacker
    Mouse
    ELAN Trackpad
    Internet Speed
    18mbs/5mbs
    Browser
    Chrome
    Antivirus
    Windows Defender
    Country Flag
    USA
    State/Region Flag
    us new jersey

TairikuOkami

Be nice to all, please?!
Pro User
I am was reading about how DNS on local machines can actually help malware.
Was not that related to DNS caching? You can disable DNS Cache service safely, just set DNS manually.
I have disabled so much, that Windows thinks, that there is no network, Windows Update or ping fail too.

But disabling ping locally does not do anything, if you are online, you are traceable, but I would not worry about it, as long as you have ports closed, there is not much a hacker can do. Closed by a router or stealthed by a firewall, it is all the same. Actually, if you fail to respond a ping with destination unreachable, it will send a clear message, I am here, but I am hiding, it will draw an attention, so it is kind of counterproductive.
 

Attachments

  • capture_07302014_125813.jpg
    capture_07302014_125813.jpg
    107.6 KB · Views: 22
  • capture_07302014_125625.jpg
    capture_07302014_125625.jpg
    35.3 KB · Views: 26

My Computer

System One

  • OS
    Win 8.1.1 Pro x64
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo E525
    CPU
    AMD A4-3300M @ 2,0GHz
    Memory
    6GB DDR3 1333MHz
    Graphics Card(s)
    AMD Radeon HD 6480G 512MB shared
    Sound Card
    Creative Sound Blaster X-Fi Surround 5.1
    Screen Resolution
    1366x768
    Hard Drives
    WD 465GB
    Cooling
    Fusion Tweaker
    Keyboard
    Logitech K360
    Mouse
    Logitech M705
    Internet Speed
    50/50 MBps
    Browser
    Yandex
    Antivirus
    No AV & No Firewall
    Other Info
    Headphones: Sennheiser RS170
    Country Flag
    Slovakia

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

Top