Questions about ICMP

Daniel B. Thurman dant at cdkkt.com
Thu Dec 6 01:14:11 UTC 2007 

Daniel B. Thurman wrote:

> Rick Stevens wrote:
>> Sam Varshavchik wrote:
>>> Daniel B. Thurman writes:
>>> > Craig White wrote:
>>> > 
>>> >>Sent: Wednesday, December 05, 2007 3:33 PM
>>> >>To: For users of Fedora
>>> >>Subject: Re: Questions about ICMP
>>> >>
>>> >>
>>> >>On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
>>> >>> Should ICMP packets be allowed both over the
>>> >>> Internet or should it be allowed to pass only in
>>> >>> the local networks?
>>> >>> 
>>> >>> I have a firewall appliance and trying to make sure
>>> >>> that I am being secured properly.
>>> >>----
>>> >>disabling icmp echo requests is a great feature for the 
>>ultra-paranoid
>>> > 
>>> > So... am I to read this as it is a good idea to disable all icmp
>>> > requests?  I get a LOT of ICMP requests from the Internet probing
>>> > at my ports, which are disabled.  This is a good idea?
>>> 
>>> As the man said: only if you're ultra-paranoid, and live in 
>>a perpetual fear 
>>> of Internet boogey-men.
>>
>>Hey, man, just because I'm paranoid doesn't mean they AIN'T out to
>>get me!  :-)
>>
>>----------------------------------------------------------------------
>>- Rick Stevens, Principal Engineer             rstevens at internap.com -
>>- CDN Systems, Internap, Inc.                http://www.internap.com -
>>-                                                                    -
>>-   "Do you suffer from long-term memory loss?"  "I don't remember"  -
>>-                            -- Chumbawumba, "Amnesia" (TubThumping) -
>>----------------------------------------------------------------------
>>
>>-- 
>
>The thing here, is that what I am actually seeing is a TON of
>ggp(3) pokes to/from my Fedora box and others on the Internet
>are seemingly using the same ggp back at my Fedora(v8) box.
>
>So, I guess it really isn't ICMP(1) - but rather it is GGP(3)
>that seems to be flying around.  This protocol is blocked
>completely by my firewall applicance by default.
>
>So, what IS this gpp(3) really?  My logs are just getting
>filled with this blocked protocol message.
>
>Not a BIG deal I think, but wondered how I could prevent
>this log message out of my log files.
>

uh, I need to be clear here...

Here is what the log message says:

12/05/2007 16:34:40.288	ICMP packet dropped	10.1.0.143, 3, LAN	192.128.167.77, 3, WAN
============================================================^===========================^
So, it is an ICMP packet, but what is "3" ????

No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 12/4/2007 7:31 PM

More information about the users mailing list