The "Block Anonymous Internet Requests" blocks any ICMP (internet control message protocol) traffic to the router on the internet side. ICMP controls many aspects of the IP protocol. Through ICMP routers and computers are able to negotiate the MTU, send updates about redirections, routing issues, and more. ICMP is important for IP to work correctly and properly in the internet.

Most people reduce this option to blocking pings on the internet IP address of the router. Pings is the most prominent ICMP message and thus it is often not differentiated between pings and ICMP. Blocking ICMP is supposed to make "invisible" or "not detected" from the internet because the router does not respond to pings. In reality, ICMP and IP work differently because for a computer to be really invisible the router responsible for the destination IP address would send a "destination not reachable". Not responding instead is a good indication that there is something which is simply not responding.

Therefore, block ICMP in the internet can result in connection instabilities because important control messages for IP are blocked and simply ignored. Thus, there is no real benefit blocking ICMP.

Moreover, don't randomly set or change the MTU. There is a way to determine whether your MTU setting makes a problem. Check this FAQ article for more details.

Message Edited by gv on 06-07-200706:41 PM

Usually the setting should not make a difference. If it does make a difference for your internet connection set it the way you have less trouble. What I tried to explain is that from the security perspective it does not really make a difference whether you have enabled it or not.

Why it is set by default? Well, I guess because otherwise there would be a lot of people you would claim that it is irresponsible to ship a router with such a "insecure" setting. Those people expect that the router is "invisible" and "stealth" in the internet so that no bad guy in the internet is even able to notice the presence of your computer/router in the internet. "Stealth" is a big hype and many people consider it a must even though it is basically a marketing gag and not much more. As it usually does not matter whether the router answers to pings or not they have simply turned in on by default. Most people never get to this setting on the router anyway and won't even know it is there. And thus those people will be happy to see that various internet port scanners report their router "stealthed" and don't worry. There would be nothing to worry if the router answered ICMP but try to explain that to someone without going to deep into the technical details...