FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 12-05-2007, 10:33 PM
Craig White
 
Default Questions about ICMP

On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
> Should ICMP packets be allowed both over the
> Internet or should it be allowed to pass only in
> the local networks?
>
> I have a firewall appliance and trying to make sure
> that I am being secured properly.
----
disabling icmp echo requests is a great feature for the ultra-paranoid

Craig

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 11:00 PM
"Daniel B. Thurman"
 
Default Questions about ICMP

Craig White wrote:

>Sent: Wednesday, December 05, 2007 3:33 PM
>To: For users of Fedora
>Subject: Re: Questions about ICMP
>
>
>On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
>> Should ICMP packets be allowed both over the
>> Internet or should it be allowed to pass only in
>> the local networks?
>>
>> I have a firewall appliance and trying to make sure
>> that I am being secured properly.
>----
>disabling icmp echo requests is a great feature for the ultra-paranoid
>
>Craig
>
>--

So... am I to read this as it is a good idea to disable all icmp
requests? I get a LOT of ICMP requests from the Internet probing
at my ports, which are disabled. This is a good idea?

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 12/4/2007 7:31 PM


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 11:16 PM
Rick Stevens
 
Default Questions about ICMP

On Wed, 2007-12-05 at 16:00 -0800, Daniel B. Thurman wrote:
> Craig White wrote:
>
> >Sent: Wednesday, December 05, 2007 3:33 PM
> >To: For users of Fedora
> >Subject: Re: Questions about ICMP
> >
> >
> >On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
> >> Should ICMP packets be allowed both over the
> >> Internet or should it be allowed to pass only in
> >> the local networks?
> >>
> >> I have a firewall appliance and trying to make sure
> >> that I am being secured properly.
> >----
> >disabling icmp echo requests is a great feature for the ultra-paranoid
> >
> >Craig
> >
> >--
>
> So... am I to read this as it is a good idea to disable all icmp
> requests? I get a LOT of ICMP requests from the Internet probing
> at my ports, which are disabled. This is a good idea?

There is no reason for people to ICMP you unless they're just snooping
to see what IPs are in use--and that can indicate an oncoming hack
attempt. It is a very good idea to turn it off.

I do...at least at my router/firewall. The Internet doesn't need to
know I'm there. Internally I leave it enabled so I can verify my
machines are alive (that and SNMP stuff). So if you're on my private
network, pings are OK. I ignore attempts from the outside (in iptables
parlance, "-j DROP").

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer rstevens@internap.com -
- CDN Systems, Internap, Inc. http://www.internap.com -
- -
- Silence! Or I shall replace you with a very small shell script! -
- - The Wizard of OS -
----------------------------------------------------------------------

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 11:21 PM
Sam Varshavchik
 
Default Questions about ICMP

Daniel B. Thurman writes:


Craig White wrote:


Sent: Wednesday, December 05, 2007 3:33 PM
To: For users of Fedora
Subject: Re: Questions about ICMP


On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:

Should ICMP packets be allowed both over the
Internet or should it be allowed to pass only in
the local networks?

I have a firewall appliance and trying to make sure
that I am being secured properly.

----
disabling icmp echo requests is a great feature for the ultra-paranoid


So... am I to read this as it is a good idea to disable all icmp
requests? I get a LOT of ICMP requests from the Internet probing
at my ports, which are disabled. This is a good idea?


As the man said: only if you're ultra-paranoid, and live in a perpetual fear
of Internet boogey-men.



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 11:31 PM
Rick Stevens
 
Default Questions about ICMP

On Wed, 2007-12-05 at 19:21 -0500, Sam Varshavchik wrote:
> Daniel B. Thurman writes:
>
> > Craig White wrote:
> >
> >>Sent: Wednesday, December 05, 2007 3:33 PM
> >>To: For users of Fedora
> >>Subject: Re: Questions about ICMP
> >>
> >>
> >>On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
> >>> Should ICMP packets be allowed both over the
> >>> Internet or should it be allowed to pass only in
> >>> the local networks?
> >>>
> >>> I have a firewall appliance and trying to make sure
> >>> that I am being secured properly.
> >>----
> >>disabling icmp echo requests is a great feature for the ultra-paranoid
> >
> > So... am I to read this as it is a good idea to disable all icmp
> > requests? I get a LOT of ICMP requests from the Internet probing
> > at my ports, which are disabled. This is a good idea?
>
> As the man said: only if you're ultra-paranoid, and live in a perpetual fear
> of Internet boogey-men.

Hey, man, just because I'm paranoid doesn't mean they AIN'T out to
get me! :-)

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer rstevens@internap.com -
- CDN Systems, Internap, Inc. http://www.internap.com -
- -
- "Do you suffer from long-term memory loss?" "I don't remember" -
- -- Chumbawumba, "Amnesia" (TubThumping) -
----------------------------------------------------------------------

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 11:59 PM
"Daniel B. Thurman"
 
Default Questions about ICMP

Rick Stevens wrote:

>Sent: Wednesday, December 05, 2007 4:32 PM
>To: For users of Fedora
>Subject: Re: Questions about ICMP
>
>
>On Wed, 2007-12-05 at 19:21 -0500, Sam Varshavchik wrote:
>> Daniel B. Thurman writes:
>>
>> > Craig White wrote:
>> >
>> >>Sent: Wednesday, December 05, 2007 3:33 PM
>> >>To: For users of Fedora
>> >>Subject: Re: Questions about ICMP
>> >>
>> >>
>> >>On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
>> >>> Should ICMP packets be allowed both over the
>> >>> Internet or should it be allowed to pass only in
>> >>> the local networks?
>> >>>
>> >>> I have a firewall appliance and trying to make sure
>> >>> that I am being secured properly.
>> >>----
>> >>disabling icmp echo requests is a great feature for the
>ultra-paranoid
>> >
>> > So... am I to read this as it is a good idea to disable all icmp
>> > requests? I get a LOT of ICMP requests from the Internet probing
>> > at my ports, which are disabled. This is a good idea?
>>
>> As the man said: only if you're ultra-paranoid, and live in
>a perpetual fear
>> of Internet boogey-men.
>
>Hey, man, just because I'm paranoid doesn't mean they AIN'T out to
>get me! :-)
>
>----------------------------------------------------------------------
>- Rick Stevens, Principal Engineer rstevens@internap.com -
>- CDN Systems, Internap, Inc. http://www.internap.com -
>- -
>- "Do you suffer from long-term memory loss?" "I don't remember" -
>- -- Chumbawumba, "Amnesia" (TubThumping) -
>----------------------------------------------------------------------
>
>--

The thing here, is that what I am actually seeing is a TON of
ggp(3) pokes to/from my Fedora box and others on the Internet
are seemingly using the same ggp back at my Fedora(v8) box.

So, I guess it really isn't ICMP(1) - but rather it is GGP(3)
that seems to be flying around. This protocol is blocked
completely by my firewall applicance by default.

So, what IS this gpp(3) really? My logs are just getting
filled with this blocked protocol message.

Not a BIG deal I think, but wondered how I could prevent
this log message out of my log files.

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 12/4/2007 7:31 PM


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-06-2007, 12:12 AM
Rick Stevens
 
Default Questions about ICMP

On Wed, 2007-12-05 at 16:59 -0800, Daniel B. Thurman wrote:
> Rick Stevens wrote:
>
> >Sent: Wednesday, December 05, 2007 4:32 PM
> >To: For users of Fedora
> >Subject: Re: Questions about ICMP
> >
> >
> >On Wed, 2007-12-05 at 19:21 -0500, Sam Varshavchik wrote:
> >> Daniel B. Thurman writes:
> >>
> >> > Craig White wrote:
> >> >
> >> >>Sent: Wednesday, December 05, 2007 3:33 PM
> >> >>To: For users of Fedora
> >> >>Subject: Re: Questions about ICMP
> >> >>
> >> >>
> >> >>On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
> >> >>> Should ICMP packets be allowed both over the
> >> >>> Internet or should it be allowed to pass only in
> >> >>> the local networks?
> >> >>>
> >> >>> I have a firewall appliance and trying to make sure
> >> >>> that I am being secured properly.
> >> >>----
> >> >>disabling icmp echo requests is a great feature for the
> >ultra-paranoid
> >> >
> >> > So... am I to read this as it is a good idea to disable all icmp
> >> > requests? I get a LOT of ICMP requests from the Internet probing
> >> > at my ports, which are disabled. This is a good idea?
> >>
> >> As the man said: only if you're ultra-paranoid, and live in
> >a perpetual fear
> >> of Internet boogey-men.
> >
> >Hey, man, just because I'm paranoid doesn't mean they AIN'T out to
> >get me! :-)
> >
> >----------------------------------------------------------------------
> >- Rick Stevens, Principal Engineer rstevens@internap.com -
> >- CDN Systems, Internap, Inc. http://www.internap.com -
> >- -
> >- "Do you suffer from long-term memory loss?" "I don't remember" -
> >- -- Chumbawumba, "Amnesia" (TubThumping) -
> >----------------------------------------------------------------------
> >
> >--
>
> The thing here, is that what I am actually seeing is a TON of
> ggp(3) pokes to/from my Fedora box and others on the Internet
> are seemingly using the same ggp back at my Fedora(v8) box.
>
> So, I guess it really isn't ICMP(1) - but rather it is GGP(3)
> that seems to be flying around. This protocol is blocked
> completely by my firewall applicance by default.
>
> So, what IS this gpp(3) really? My logs are just getting
> filled with this blocked protocol message.

ggp is a routing protocol (gateway-gateway protocol). It's related
to RIP and basically obsolete. My guess is that a) your ISP is using
some rather old stuff or b) it's a hack attempt masquerading as a ggp
session. You might let your ISP know you're seeing these packets and
it's not a good thing.

> Not a BIG deal I think, but wondered how I could prevent
> this log message out of my log files.

Yeah, you can if it's being blocked and logged by iptables. Look
in /etc/sysconfig/iptables and look for the string "-j LOG". Any
rule with that in it will log the packet info. They're safe to remove
as all they do is log.

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer rstevens@internap.com -
- CDN Systems, Internap, Inc. http://www.internap.com -
- -
- The gene pool could use a little chlorine. -
----------------------------------------------------------------------

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-06-2007, 12:14 AM
"Daniel B. Thurman"
 
Default Questions about ICMP

Daniel B. Thurman wrote:

> Rick Stevens wrote:
>> Sam Varshavchik wrote:
>>> Daniel B. Thurman writes:
>>> > Craig White wrote:
>>> >
>>> >>Sent: Wednesday, December 05, 2007 3:33 PM
>>> >>To: For users of Fedora
>>> >>Subject: Re: Questions about ICMP
>>> >>
>>> >>
>>> >>On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
>>> >>> Should ICMP packets be allowed both over the
>>> >>> Internet or should it be allowed to pass only in
>>> >>> the local networks?
>>> >>>
>>> >>> I have a firewall appliance and trying to make sure
>>> >>> that I am being secured properly.
>>> >>----
>>> >>disabling icmp echo requests is a great feature for the
>>ultra-paranoid
>>> >
>>> > So... am I to read this as it is a good idea to disable all icmp
>>> > requests? I get a LOT of ICMP requests from the Internet probing
>>> > at my ports, which are disabled. This is a good idea?
>>>
>>> As the man said: only if you're ultra-paranoid, and live in
>>a perpetual fear
>>> of Internet boogey-men.
>>
>>Hey, man, just because I'm paranoid doesn't mean they AIN'T out to
>>get me! :-)
>>
>>----------------------------------------------------------------------
>>- Rick Stevens, Principal Engineer rstevens@internap.com -
>>- CDN Systems, Internap, Inc. http://www.internap.com -
>>- -
>>- "Do you suffer from long-term memory loss?" "I don't remember" -
>>- -- Chumbawumba, "Amnesia" (TubThumping) -
>>----------------------------------------------------------------------
>>
>>--
>
>The thing here, is that what I am actually seeing is a TON of
>ggp(3) pokes to/from my Fedora box and others on the Internet
>are seemingly using the same ggp back at my Fedora(v8) box.
>
>So, I guess it really isn't ICMP(1) - but rather it is GGP(3)
>that seems to be flying around. This protocol is blocked
>completely by my firewall applicance by default.
>
>So, what IS this gpp(3) really? My logs are just getting
>filled with this blocked protocol message.
>
>Not a BIG deal I think, but wondered how I could prevent
>this log message out of my log files.
>

uh, I need to be clear here...

Here is what the log message says:

12/05/2007 16:34:40.288 ICMP packet dropped 10.1.0.143, 3, LAN 192.128.167.77, 3, WAN
================================================== ==========^===========================^
So, it is an ICMP packet, but what is "3" ????

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 12/4/2007 7:31 PM


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-06-2007, 12:19 AM
Ed Greshko
 
Default Questions about ICMP

Daniel B. Thurman wrote:
> Daniel B. Thurman wrote:
>
>> Rick Stevens wrote:
>>> Sam Varshavchik wrote:
>>>> Daniel B. Thurman writes:
>>>>> Craig White wrote:
>>>>>
>>>>>> Sent: Wednesday, December 05, 2007 3:33 PM
>>>>>> To: For users of Fedora
>>>>>> Subject: Re: Questions about ICMP
>>>>>>
>>>>>>
>>>>>> On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
>>>>>>> Should ICMP packets be allowed both over the
>>>>>>> Internet or should it be allowed to pass only in
>>>>>>> the local networks?
>>>>>>>
>>>>>>> I have a firewall appliance and trying to make sure
>>>>>>> that I am being secured properly.
>>>>>> ----
>>>>>> disabling icmp echo requests is a great feature for the
>>> ultra-paranoid
>>>>> So... am I to read this as it is a good idea to disable all icmp
>>>>> requests? I get a LOT of ICMP requests from the Internet probing
>>>>> at my ports, which are disabled. This is a good idea?
>>>> As the man said: only if you're ultra-paranoid, and live in
>>> a perpetual fear
>>>> of Internet boogey-men.
>>> Hey, man, just because I'm paranoid doesn't mean they AIN'T out to
>>> get me! :-)
>>>
>>> ----------------------------------------------------------------------
>>> - Rick Stevens, Principal Engineer rstevens@internap.com -
>>> - CDN Systems, Internap, Inc. http://www.internap.com -
>>> - -
>>> - "Do you suffer from long-term memory loss?" "I don't remember" -
>>> - -- Chumbawumba, "Amnesia" (TubThumping) -
>>> ----------------------------------------------------------------------
>>>
>>> --
>> The thing here, is that what I am actually seeing is a TON of
>> ggp(3) pokes to/from my Fedora box and others on the Internet
>> are seemingly using the same ggp back at my Fedora(v8) box.
>>
>> So, I guess it really isn't ICMP(1) - but rather it is GGP(3)
>> that seems to be flying around. This protocol is blocked
>> completely by my firewall applicance by default.
>>
>> So, what IS this gpp(3) really? My logs are just getting
>> filled with this blocked protocol message.
>>
>> Not a BIG deal I think, but wondered how I could prevent
>> this log message out of my log files.
>>
>
> uh, I need to be clear here...
>
> Here is what the log message says:
>
> 12/05/2007 16:34:40.288 ICMP packet dropped 10.1.0.143, 3, LAN 192.128.167.77, 3, WAN
> ================================================== ==========^===========================^
> So, it is an ICMP packet, but what is "3" ????

Type 3 is "Destination unreachable"

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-06-2007, 12:30 AM
"Daniel B. Thurman"
 
Default Questions about ICMP

Ed Greshko wrote:
>Sent: Wednesday, December 05, 2007 5:19 PM
>To: For users of Fedora
>Subject: Re: Questions about ICMP
>
>
>Daniel B. Thurman wrote:
>> Daniel B. Thurman wrote:
>>
>>> Rick Stevens wrote:
>>>> Sam Varshavchik wrote:
>>>>> Daniel B. Thurman writes:
>>>>>> Craig White wrote:
>>>>>>
>>>>>>> Sent: Wednesday, December 05, 2007 3:33 PM
>>>>>>> To: For users of Fedora
>>>>>>> Subject: Re: Questions about ICMP
>>>>>>>
>>>>>>>
>>>>>>> On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
>>>>>>>> Should ICMP packets be allowed both over the
>>>>>>>> Internet or should it be allowed to pass only in
>>>>>>>> the local networks?
>>>>>>>>
>>>>>>>> I have a firewall appliance and trying to make sure
>>>>>>>> that I am being secured properly.
>>>>>>> ----
>>>>>>> disabling icmp echo requests is a great feature for the
>>>> ultra-paranoid
>>>>>> So... am I to read this as it is a good idea to disable all icmp
>>>>>> requests? I get a LOT of ICMP requests from the Internet probing
>>>>>> at my ports, which are disabled. This is a good idea?
>>>>> As the man said: only if you're ultra-paranoid, and live in
>>>> a perpetual fear
>>>>> of Internet boogey-men.
>>>> Hey, man, just because I'm paranoid doesn't mean they AIN'T out to
>>>> get me! :-)
>>>>
>>>>
>----------------------------------------------------------------------
>>>> - Rick Stevens, Principal Engineer
>rstevens@internap.com -
>>>> - CDN Systems, Internap, Inc.
>http://www.internap.com -
>>>> -
> -
>>>> - "Do you suffer from long-term memory loss?" "I don't
>remember" -
>>>> - -- Chumbawumba, "Amnesia"
>(TubThumping) -
>>>>
>----------------------------------------------------------------------
>>>>
>>>> --
>>> The thing here, is that what I am actually seeing is a TON of
>>> ggp(3) pokes to/from my Fedora box and others on the Internet
>>> are seemingly using the same ggp back at my Fedora(v8) box.
>>>
>>> So, I guess it really isn't ICMP(1) - but rather it is GGP(3)
>>> that seems to be flying around. This protocol is blocked
>>> completely by my firewall applicance by default.
>>>
>>> So, what IS this gpp(3) really? My logs are just getting
>>> filled with this blocked protocol message.
>>>
>>> Not a BIG deal I think, but wondered how I could prevent
>>> this log message out of my log files.
>>>
>>
>> uh, I need to be clear here...
>>
>> Here is what the log message says:
>>
>> 12/05/2007 16:34:40.288 ICMP packet dropped
>10.1.0.143, 3, LAN 192.128.167.77, 3, WAN
>>
>================================================= ===========^==
>=========================^
>> So, it is an ICMP packet, but what is "3" ????
>
>Type 3 is "Destination unreachable"
>
>--

Uh, I think I understand why I am seeing this ICMP(3) bouncing
to/from Fedora/Internet as I am downloading packages using the
Package Manager and I *think* that the Package Manager is using
Yum with various mirrors and as it tests mirror connections, it
hits the unreachable destination thus switches to another mirror?

Maybe that is why my firewall appliance is logging it.

The odd thing is why am I seeing this in both both directions?
No... I am not being paranoid, I am not being paranoid, ...

Much ado about nothing, or so it seems...

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 12/4/2007 7:31 PM


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 12:25 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org