IPv6 ICMP: the solution, but do we really need it?

Slavic

Active member
Member
Local time
4:04 PM
Posts
73
If you performed the IPv6 test on IPv6 test - IPv6/4 connectivity and speed test (it should be noted, there are some other IPv6 test websites), you most likely noticed that it shows your PC unreachable by ICMP protocol. This is the common result for most of Windows OS, not only 11. But the pop-up explanation says that "IPv6 relies heavily on ICMP".

In some case ICMP filtering may be performed by local router, rarely by ISP, most often by Windows Firewall. Firewall settings depend on Windows version; to enable ICMP echo in Windows 11 you need to do this:
1. Open Settings, Network & internet, Advanced network settings, Windows Firewall link (it opens Windows Security window, Firewall & network protection).
2. Open Advanced settings link (it opens Windows Defender Firewall and Advanced Security window).
3. Select Inbound Rules, then Core Networking Diagnostics - ICMP Echo Request (ICMPv6-In); there are two profiles with this name, need to select "Private, Public" profile, not "Domain". By default, this rule is disabled.
4. Open the rule window, on the General tab select Enabled, then on the Scope tab in "Remote IP address" group select "Any IP address" instead of predefined "Local subnet".
5. OK, close all opened windows.
Now you can perform the test again and it should show ICMP as Reachable.

But does this solution really improves IPv6 connectivity, for example, for better stability of VPN or other services like online videogames? Or the disadvantage in possible exposing of IPv6 address by echo reply is more significant than possible, but not very important benefits.
 

My Computer

System One

  • Operating System
    Windows 11 Pro (RP); Windows 8.1 Pro
    Computer type
    PC/Desktop
    CPU
    i7-6700 (Skylake)
    Motherboard
    Asus Maximus VIII Gene (no TPM)
    Memory
    16 GB
    Graphics Card(s)
    Asus GeForce 1050 Ti, 4 GB
    Monitor(s) Displays
    Philips 235PQ
    Screen Resolution
    1920x1080 (FHD)
    Hard Drives
    Windows 11: Samsung SSD 870 EVO, 500 GB (SATA), MBR
    Windows 8.1: Samsung SSD 950 PRO, 512 GB (M.2), MBR
    PSU
    Platimax D.F. 1050 W (80 Plus Platinum)
    Browser
    Google Chrome

Quandary

Active member
Member
Local time
9:04 AM
Posts
104
Good catch. On Win 10 that measurement shows as FIltered, but the overall score for my 2 PC's is the same. The VPN I use does not have IPV6 protection but has a switch for IP/DNS Protection (which disables IPV6).
No observed network or connectivity issues with Win 11 so no apparent need to enable ICMP on my PC.
 

My Computer

System One

  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP / Spectre x360 Convertible 13
    CPU
    i5-8250U
    Motherboard
    83B9 56.50
    Memory
    8GB
    Graphics Card(s)
    Intel(R) UHD Graphics 620
    Sound Card
    Realtek High Definition Audio(SST)
    Screen Resolution
    1920 x 1080
    Hard Drives
    Toshiba 256GB SSD
    Internet Speed
    500Mbps
    Browser
    Firefox, Edge
    Antivirus
    Windows Defender

Dru2

Well-known member
Member
VIP
Local time
9:04 AM
Posts
608
Location
Virginia
But does this solution really improves IPv6 connectivity, for example, for better stability of VPN or other services like online videogames? Or the disadvantage in possible exposing of IPv6 address by echo reply is more significant than possible, but not very important benefits.

Yeah, at the end of the day that's my question - what's the overall benefits?
 

My Computers

System One System Two

  • Operating System
    Win 10 Pro (x64) 21H1 (19043.1055)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 2S
    Internet Speed
    100mb
    Browser
    Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming and photography.
  • Operating System
    Win 11 Pro Dev build 22454.1000
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security

Bree

Well-known member
Power User
VIP
Local time
2:04 PM
Posts
892
Location
S/E England, UK
But does this solution really improves IPv6 connectivity, for example, for better stability of VPN or other services like online videogames? Or the disadvantage in possible exposing of IPv6 address by echo reply is more significant than possible, but not very important benefits.
Yeah, at the end of the day that's my question - what's the overall benefits?

According to Cloudfare (CDN provider to many websites, including this one)....

What is ICMP used for?

The primary purpose of ICMP is for error reporting. When two devices connect over the Internet, the ICMP generates errors to share with the sending device in the event that any of the data did not get to its intended destination. For example, if a packet of data is too large for a router, the router will drop the packet and send an ICMP message back to the original source for the data.

A secondary use of ICMP protocol is to perform network diagnostics; the commonly used terminal utilities traceroute and ping both operate using ICMP....

As both Tracert and Ping work fine without enabling inbound ICMP connections in the W10/W11 Firewall I see not advantage in removing the filtering, only the possibility of making your machine more exposed to others who may be trying to probe it.
 

My Computers

System One System Two

  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB HDD
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. Now 11 has been released it has been re-imaged back to 10 and awaits the upgrade to be offered in Windows Update.


    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    i5 M 520
    Motherboard
    0T6M8G
    Memory
    4GB
    Screen Resolution
    1366x768
    Hard Drives
    500GB HDD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround.


    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.

Slavic

Active member
Member
Thread Starter
Local time
4:04 PM
Posts
73
As both Tracert and Ping work fine without enabling inbound ICMP connections in the W10/W11 Firewall I see not advantage in removing the filtering, only the possibility of making your machine more exposed to others who may be trying to probe it.
Although I don't have much proficiency in networking, my conclusions are nearly the same: right now there are no obvious reasons to enable ICMP for getting two extra points in results of IPv6 test.

Currently we live in the net world with mixed IPv4/IPv6 protocols, which is still mostly v4. Switching from v4 to v6 (and back) in most cases happens behind the scene, transparently for a user; in particular, v4 can work as a failsafe option. At least for PCs, which still receive IPv4 addresses, either from global or private net from ISP or local router; contrary to growing IoT devices which should use primarily IPv6 addresses because of their supposed myriads in number. Well, for PC v6 may have some advantages right now, if you install some services or apps (like streaming video or game) which demand or at least count on IPv6, but they almost certainly will add the specific rule, including ICMP support, to Windows Firewall during the installation or at the first start. And that rule will be limited to app or service only, not exposing your PC all the time.

But what was a reason to include ICMP to IPv6 tests? I think that it allows to test local network behind the PC. When you enable ICMP echo on PC, you should see it reachable if your local net devices as well as ISP don't block this protocol. If they block, need to perform some actions like enable ICMP in router or replace it to more modern device. If your test is OK, no reason to keep ICMP enabled. It's also possible to check this without modifications described in my first post, simply switching off the Windows Firewall for a few seconds.

Unfortunately, this explanation why need to enable ICMP only temporarily for testing the local network devices is not mentioned on the IPv6 test website.
 

My Computer

System One

  • Operating System
    Windows 11 Pro (RP); Windows 8.1 Pro
    Computer type
    PC/Desktop
    CPU
    i7-6700 (Skylake)
    Motherboard
    Asus Maximus VIII Gene (no TPM)
    Memory
    16 GB
    Graphics Card(s)
    Asus GeForce 1050 Ti, 4 GB
    Monitor(s) Displays
    Philips 235PQ
    Screen Resolution
    1920x1080 (FHD)
    Hard Drives
    Windows 11: Samsung SSD 870 EVO, 500 GB (SATA), MBR
    Windows 8.1: Samsung SSD 950 PRO, 512 GB (M.2), MBR
    PSU
    Platimax D.F. 1050 W (80 Plus Platinum)
    Browser
    Google Chrome

johnlgalt

Antidisestablishmentarianistentarianist
Power User
VIP
Local time
9:04 AM
Posts
1,922
Location
3rd Rock
Interestingly enough, I just cleanly installed Windows 11 yesterday.

183.png

So, based upon that, I suppose if it detects that IPv6 is natively supported, it enables the ICMP by default then?

Background - I know that my connection to the world via AT&T Lightspeed FttH supports IPv6, but it was disabled by default in the router. After double checking in my internal network, running on a Google WiFi network, also can support it natively, I enabled it on the Residential Gateway (AT&T's fancy word for AIO modem + router), and then enable it on my Google WiFi, and had mixed results with my old system. But since it seemed to work some times I kinda left it all enabled and forgot about it.

Now it seems that it works perfectly fine with more modern hardware - but, I'm also hardwired into the main Google WiFi puck, which has a hardline running to it from the RG, so I have full wired access to my connection, versus using WiFi. Technically, I could check via WiFi, but the results should be no different, since my wired connection is routed through the Google WiFi puck, and Google WiFi is handling the DHCP and DNS, as that is how I've set it up.


I'm kinda giggling, though, that they are docking points for me not having a unique identifier (aka hostname) for my computer - and because of the fallback to IPv4 is set too ... fast?

Because, yeah, I want everyone to be able to identify me and my unique machine even more so than they already can through my browser, thanks! Oh, and failsafes? We don' need no stinkin' failsafes!

Sigh.
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro X64
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * Corsair Vengeance 32 GB 3600 MHz
    Graphics Card(s)
    eVGA GeForce GTX 970 SSC ACX 2.0 (04G-P4-3979-KB)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2 * Lenovo LT2323pwA Widescreeen
    Screen Resolution
    2* 1920*1080
    Hard Drives
    3x Sabrent Rocket PCIe Gen4 NVMe M.2 1 TB SSD (SB-ROCKET-NVMe4-1TB)
    SanDisk Ultra SDSSDHII-960G-G25 960 GB SATA III SSD
    Crucial MX100 CT256MX100SSD1 256GB SATA III SSD
    2 * Seagate Barracuda 7200.12 ST31000528AS 1TB 7200 RPM --> RAID1
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
  • Operating System
    Windows 10 x64 Pro build 21H1
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryvill 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master (shared) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex
    Browser
    Edge Chromium | Chrome | Firefox Nightly | Brave
    Antivirus
    Defender + MB4

Slavic

Active member
Member
Thread Starter
Local time
4:04 PM
Posts
73
OK, here are my test results (with local addresses removed, of course):

ipv6test.png
I enabled ICMP for this test to get maximum possible points, 19 of 20. My PC doesn't have IPv6 hostname, in theory I could get one using one of dynamic DNS services, but it was never supposed to work as a server and become reachable from the outside. Yes, some people keep home servers with remote access to docs, media files, home devices from outside, but it's not my case. IPv6 also was not enabled in my router by default, I had to switch the protocol manually to IPv4/v6. After that, all works well.

Fallback in 1 second is a feature of web browser, Google Chrome 93; Edge shows the same 1 sec. If you repeat the test, the result may be improved. If not, it's a Windows or maybe a network problem (never solved this yet).

Why your ICMP test was not performed? The port may be blocked by ISP or router, to check this, you can do the same test using Wi-Fi connection and/or using other PC or mobile device. Sure, you don't need ICMP for common work, only if you will install a specific service in the future...
 

My Computer

System One

  • Operating System
    Windows 11 Pro (RP); Windows 8.1 Pro
    Computer type
    PC/Desktop
    CPU
    i7-6700 (Skylake)
    Motherboard
    Asus Maximus VIII Gene (no TPM)
    Memory
    16 GB
    Graphics Card(s)
    Asus GeForce 1050 Ti, 4 GB
    Monitor(s) Displays
    Philips 235PQ
    Screen Resolution
    1920x1080 (FHD)
    Hard Drives
    Windows 11: Samsung SSD 870 EVO, 500 GB (SATA), MBR
    Windows 8.1: Samsung SSD 950 PRO, 512 GB (M.2), MBR
    PSU
    Platimax D.F. 1050 W (80 Plus Platinum)
    Browser
    Google Chrome

johnlgalt

Antidisestablishmentarianistentarianist
Power User
VIP
Local time
9:04 AM
Posts
1,922
Location
3rd Rock
I did not manually enable ICMP, and I'm wondering if it is because I am (pretty much) double NATd - I have my Google WiFi inside of my AT&T RG, and I did not perform any port forwarding / bridging / etc between the RG and the GW, so that GW gets an IP from the RG and all my systems get an IP from the GW. So, being double NATd, I suspect that may be why it doesn't bother to check ICMP. Of course, I amy be wrong, that may have no effect on it - this setup certainly has no effect on anything else I do, so....

As for the fallback - I use Firefox. so it's 7. I suppose I could change that if need be - but I'm not enabling ICMP for nothing. I don't need a high score, I need it to work first and foremost - and it does work as things stand right now exactly as I have it set up.

So, if it is not broken, I'm not going to try to fix it. :wink:
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro X64
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * Corsair Vengeance 32 GB 3600 MHz
    Graphics Card(s)
    eVGA GeForce GTX 970 SSC ACX 2.0 (04G-P4-3979-KB)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2 * Lenovo LT2323pwA Widescreeen
    Screen Resolution
    2* 1920*1080
    Hard Drives
    3x Sabrent Rocket PCIe Gen4 NVMe M.2 1 TB SSD (SB-ROCKET-NVMe4-1TB)
    SanDisk Ultra SDSSDHII-960G-G25 960 GB SATA III SSD
    Crucial MX100 CT256MX100SSD1 256GB SATA III SSD
    2 * Seagate Barracuda 7200.12 ST31000528AS 1TB 7200 RPM --> RAID1
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
  • Operating System
    Windows 10 x64 Pro build 21H1
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryvill 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master (shared) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex
    Browser
    Edge Chromium | Chrome | Firefox Nightly | Brave
    Antivirus
    Defender + MB4

clam1952

Well-known member
Member
VIP
Local time
2:04 PM
Posts
256
Location
Crewe, Cheshire, UK
I would assume that if it was important, remembering that MS is all for iPV6, it wouldn't be filtered by the firewall, so leaving well alone.
 

My Computers

System One System Two

  • Operating System
    Windows 11 21H2 OS Build 22000.282
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Build
    CPU
    AMD Ryzen 7 3800X
    Motherboard
    Asus PRIME B350-PLUS
    Memory
    16GB Corsair Vengeance LPX DDR4 @3000Mhz
    Graphics Card(s)
    Gigabyte Aorus GTX1080TI
    Sound Card
    On Board Realtec
    Monitor(s) Displays
    Acer KA241
    Screen Resolution
    1920 x 1080 @60Hz
    Hard Drives
    240GB PNY CS900 SSD - OS
    1 TB Crucial MX500 SSD
    500GB Crucial MX300 SSD
    2TB Seagate ST2000DM001-1ER164
    2TB Seagate ST2000DM008-2FR102
    4TB Seagate ST4000DM000-1F2168
    PSU
    EVGA 750GQ Gold Certified
    Case
    Cooler Master 690 III
    Cooling
    Akasa AK98 5 Case Fans
    Keyboard
    Logitech K270 - wireless
    Mouse
    Logitech - wireless
    Internet Speed
    BT Fibre 75 Mbps
    Browser
    Firefox
    Antivirus
    Windows Defender
    Other Info
    Use hardware KVM to switch monitors on three PCs and software (input director) to use mouse and keyboard on all 4 PCs.
  • Operating System
    Windows 11 Pro 21H2 build 22000.282
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Inspiron 3881 - modified with SFX PSU fitted internally
    CPU
    Intel i5 - 10400
    Motherboard
    Dell 032w55 version A00
    Memory
    16GB of HyperX Fury @ 2133 Mhz
    Graphics card(s)
    EVGA 6GB GTX 1060.
    Sound Card
    Builtin
    Monitor(s) Displays
    ACER KA241
    Screen Resolution
    1920x 1080 @60Hz
    Hard Drives
    256GB SK hynix NVMe
    1TB Western Digital WD10EZEX-75WN4A1
    PSU
    Modular 450 Watt Corsair SF450 Platinum ( Mod to replace the Dell 65 Watt PSU)
    Case
    Inspiron Small Desktop
    Cooling
    Dell stock cooler
    Mouse
    Dell
    Keyboard
    Dell
    Internet Speed
    BT Fibre 75 Mbps
    Browser
    Firefox
    Antivirus
    Windows Defender
    Other Info
    Use hardware KVM to switch monitors on three PCs and software (input director) to use mouse and keyboard on all 4 PCs.

tonez4466

Member
Local time
2:04 PM
Posts
37
I will await until it becomes an issue but TFHU
 

My Computer

System One

  • Operating System
    win11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Me
    CPU
    i9 10850
    Motherboard
    MS-7C75
    Memory
    16GB
    Graphics Card(s)
    nVIDEA Geoforce 3070
    Sound Card
    Onboard
    Monitor(s) Displays
    Samsung 55inch TV
    Screen Resolution
    3040 X 2160
    Hard Drives
    6TB over 4 drives
    Case
    generic
    Cooling
    water cooled
    Keyboard
    generic
    Mouse
    generic
    Internet Speed
    500mb
    Browser
    various
    Antivirus
    ATM Bitdefender

geneo

You've got to pick up every stitch
Power User
VIP
Local time
9:04 AM
Posts
699
Interestingly enough, I just cleanly installed Windows 11 yesterday.

View attachment 7748

So, based upon that, I suppose if it detects that IPv6 is natively supported, it enables the ICMP by default then?
Did you click on the hamburger by the score?

Screenshot 2021-09-13 194345.png
 

My Computers

System One System Two

  • Operating System
    Windows 11 Pro x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    10900KF, 5.1 GHz delid
    Motherboard
    Asus Maximus Hero XII Wifi
    Memory
    64GB G.skill TridentZ RGB 3200CL14 B-die @ 3600 CL16
    Graphics Card(s)
    Asus ROG Strix 2070 Super A8G
    Sound Card
    Onboard Audio, Vanatoo Transparent One; Klipsch R-12SWi Sub
    Monitor(s) Displays
    Eizo CG2730, ViewSonic VP2768
    Screen Resolution
    2560 x 1440p x 2
    Hard Drives
    Samsung 960 Pro 512 GB (OS), Samsung 980 1TB, Raid 0: 1TB 850 EVO + 1TB 860 EVO. Sabrent USB-C DS-SC5B docking station: 6TB WDC Black, 6TB Ironwolf Pro; 2TB WDC Black
    PSU
    750W Seasonic Prime Ultra Titanium
    Case
    Fractal Design Meshify 2
    Cooling
    EK-AIO 360 D-RGB w/Phanteks 120 T30 fans, 2x Noctua NF-A14 Chromax case
    Keyboard
    Glorious GMMK TKL - Brown mechanical
    Mouse
    Logitech G305 wireless gaming
    Internet Speed
    120 Mb/s down, 12 Mb/s up
    Browser
    Firefox
    Antivirus
    Defender, Macrium Reflect 8 ;-)
    Other Info
    Logitech C920e Webcam
  • Operating System
    Mac OS Big Sur
    Computer type
    Laptop
    Manufacturer/Model
    Apple 13" Macbook Pro 2020 (m1)
    CPU
    M1
    Monitor(s) Displays
    2560x1600

johnlgalt

Antidisestablishmentarianistentarianist
Power User
VIP
Local time
9:04 AM
Posts
1,922
Location
3rd Rock
No. My score today is 17, and ICMP is supposedly being filtered. And I'm fine with that.
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro X64
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * Corsair Vengeance 32 GB 3600 MHz
    Graphics Card(s)
    eVGA GeForce GTX 970 SSC ACX 2.0 (04G-P4-3979-KB)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2 * Lenovo LT2323pwA Widescreeen
    Screen Resolution
    2* 1920*1080
    Hard Drives
    3x Sabrent Rocket PCIe Gen4 NVMe M.2 1 TB SSD (SB-ROCKET-NVMe4-1TB)
    SanDisk Ultra SDSSDHII-960G-G25 960 GB SATA III SSD
    Crucial MX100 CT256MX100SSD1 256GB SATA III SSD
    2 * Seagate Barracuda 7200.12 ST31000528AS 1TB 7200 RPM --> RAID1
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
  • Operating System
    Windows 10 x64 Pro build 21H1
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryvill 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master (shared) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex
    Browser
    Edge Chromium | Chrome | Firefox Nightly | Brave
    Antivirus
    Defender + MB4

Aramil

Member
Local time
2:04 PM
Posts
8
Allowing incoming ICMPv6 echo requests is fine. The main risk you run if you allow them in is that if someone finds a stable (non-temporary/privacy) address for e.g. your laptop then they can keep pinging it to see when it's switched on. That might be considered a privacy risk. They'll have to find such an address first though, because for outgoing connections it will use its temporary privacy addresses.

While IPv4 and fallback is still mainstream ICMP is not vital to continued operation, but going forward "if/as" site's and programs begin to use IPv6 as the main with less and less IPv4 as fall back it might become more of an issue. The IPv6 equivalent of ARP is neighbour-discovery, which uses ICMP packets as well. The stateless auto configuration is part of neighbour discovery, so also needs ICMP. So it is not just error reporting.

From what I have been reading and several papers published Filtering at Firewall level (ISP/server/home) is recommended, so that you receive, error messages (there is an advanced windows firewall setting to allow ICMPv6 echo requests on your private network(disabled as default)) , but drop messages that are potential security risks.

I feel that the option is there in both the test, and in windows for those people working on IPv6 only networks, where its operation is needed, and so disabled as default due to most current routers/homes etc just not being setup to handle IPv6 only networks and more importantly security. Still lots to learn for me, but working my way through it.

There is a pretty heavy read on the subject here RFC 4890: Recommendations for Filtering ICMPv6 Messages in Firewalls (good luck with it, it is interesting)

As to your question about helping with gaming and VPN's, I just don't think Games and services are leaning on IPv6 and its feature set enough for it to be an issue for them at the moment, there are still routers out there with either No Ipv6 support or with it disabled as default, and people just don't know, or care as long as it is working.

Hope this helped @Slavic
 

My Computer

System One

  • Operating System
    Windows 10 Pro - Windows 11
Top Bottom