Stop DNS hijack and ping?

Strange, while I know of the DNS Error Assist "feature" (and have also turned it off), I do not have any of the issues you have with DNS or ICMP highjacking.  Are you using the gateway as your DNS server?

No, my router is configured to use 8.8.8.8 and 1.1.1.1.

DNS Error Assist has nothing to do with the web server in the modem.

When the gateway loses connection to the Internet, I have seen it intercept 80/443 requests and try to display a connection down page; this is not done by replying to the DNS requests with the gateway's IP, it is done by intercepting the HTTP requests on their way to the real host when there's no route to the real host.  It should be noted that the 443 responses are normally eaten by the browser due to it detecting a cert mismatch.

It's only possible if the DNS names are cached on the client because there will be no resolution without a path to the DNS servers.  Likewise, ICMP requests will likely get an error return.

The helpful webpage is only displayed if DNS Error Assist is enabled. No DNS caching is involved at all.  When the fiber side is down, the modem resolves any frigging character string to its own IP address. “Any” is not an exaggeration. The modem should not hijack DNS but especially if DNS Error Assist is disabled. 

The modem should also not hijack ICMP.

The modem has no awareness of DNS Error Assist.

The modem should also not hijack ICMP.

Agreed, and I have never known it to.

Disabling DNS Error Assist in the web privacy choices configures the modem to stop displaying the helpful webpage when the fiber side goes down. Unfortunately this setting doesn't also disable the fake DNS when the fiber is down.

You keep stating your beliefs as if they were accepted facts, but they're just that: "your beliefs."