Reply
mealto
Posts: 14
Registered: ‎06-05-2007

Enabling Block Anonymous Internet Requests Kills Internet on WRT54GL

We have been back and forth with Linksys tech support. Figured out that although gateway (192.168.1.1) can be pinged, sometimes DNS cannot (4.2.2.2). Then internet is choppy and not usable. After unchecking "Block Anonymous Internet Requests" then network seems to run smoother.

Never had this issue with the unit (WRT54GL) for the past year. Just starting to show some signs of this. Running latest firmware (Firmware Version: v4.30.9) from Linksys.

What exactly is "Block Anonymous Internet Requests" and why does the network fail all of a sudden not work now? It has been running fine for about 1 year with this option enabled.
 
Is the unit dieing?
castor
Posts: 3,376
Registered: ‎09-07-2006

Re: Enabling Block Anonymous Internet Requests Kills Internet on WRT54GL

When you enable the Block WAN Request feature, you can prevent your network or Internet IP from being "pinged," and detected, by other unauthorized Internet users…anyways after upgrading the firmware on the router has you reset the device?? If no reset the router back to factory default settings and reconfigure it according to ISP settings, also reduce MTU to 1458…

Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: Enabling Block Anonymous Internet Requests Kills Internet on WRT54GL

[ Edited ]
The "Block Anonymous Internet Requests" blocks any ICMP (internet control message protocol) traffic to the router on the internet side. ICMP controls many aspects of the IP protocol. Through ICMP routers and computers are able to negotiate the MTU, send updates about redirections, routing issues, and more. ICMP is important for IP to work correctly and properly in the internet.

Most people reduce this option to blocking pings on the internet IP address of the router. Pings is the most prominent ICMP message and thus it is often not differentiated between pings and ICMP. Blocking ICMP is supposed to make "invisible" or "not detected" from the internet because the router does not respond to pings. In reality, ICMP and IP work differently because for a computer to be really invisible the router responsible for the destination IP address would send a "destination not reachable". Not responding instead is a good indication that there is something which is simply not responding.

Therefore, block ICMP in the internet can result in connection instabilities because important control messages for IP are blocked and simply ignored. Thus, there is no real benefit blocking ICMP.

Moreover, don't randomly set or change the MTU. There is a way to determine whether your MTU setting makes a problem. Check this FAQ article for more details.

Message Edited by gv on 06-07-200706:41 PM

mealto
Posts: 14
Registered: ‎06-05-2007

Re: Enabling Block Anonymous Internet Requests Kills Internet on WRT54GL

ok, so "Block Anonymous Internet Requests" should be disabled to help with connectivity. Then why would Linksys use enabled as a default option? Just curious.
Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: Enabling Block Anonymous Internet Requests Kills Internet on WRT54GL

Usually the setting should not make a difference. If it does make a difference for your internet connection set it the way you have less trouble. What I tried to explain is that from the security perspective it does not really make a difference whether you have enabled it or not.

Why it is set by default? Well, I guess because otherwise there would be a lot of people you would claim that it is irresponsible to ship a router with such a "insecure" setting. Those people expect that the router is "invisible" and "stealth" in the internet so that no bad guy in the internet is even able to notice the presence of your computer/router in the internet. "Stealth" is a big hype and many people consider it a must even though it is basically a marketing gag and not much more. As it usually does not matter whether the router answers to pings or not they have simply turned in on by default. Most people never get to this setting on the router anyway and won't even know it is there. And thus those people will be happy to see that various internet port scanners report their router "stealthed" and don't worry. There would be nothing to worry if the router answered ICMP but try to explain that to someone without going to deep into the technical details...