Questions about ICMP
Daniel B. Thurman
dant at cdkkt.com
Thu Dec 6 01:14:11 UTC 2007
Daniel B. Thurman wrote:
> Rick Stevens wrote:
>> Sam Varshavchik wrote:
>>> Daniel B. Thurman writes:
>>> > Craig White wrote:
>>> >
>>> >>Sent: Wednesday, December 05, 2007 3:33 PM
>>> >>To: For users of Fedora
>>> >>Subject: Re: Questions about ICMP
>>> >>
>>> >>
>>> >>On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
>>> >>> Should ICMP packets be allowed both over the
>>> >>> Internet or should it be allowed to pass only in
>>> >>> the local networks?
>>> >>>
>>> >>> I have a firewall appliance and trying to make sure
>>> >>> that I am being secured properly.
>>> >>----
>>> >>disabling icmp echo requests is a great feature for the
>>ultra-paranoid
>>> >
>>> > So... am I to read this as it is a good idea to disable all icmp
>>> > requests? I get a LOT of ICMP requests from the Internet probing
>>> > at my ports, which are disabled. This is a good idea?
>>>
>>> As the man said: only if you're ultra-paranoid, and live in
>>a perpetual fear
>>> of Internet boogey-men.
>>
>>Hey, man, just because I'm paranoid doesn't mean they AIN'T out to
>>get me! :-)
>>
>>----------------------------------------------------------------------
>>- Rick Stevens, Principal Engineer rstevens at internap.com -
>>- CDN Systems, Internap, Inc. http://www.internap.com -
>>- -
>>- "Do you suffer from long-term memory loss?" "I don't remember" -
>>- -- Chumbawumba, "Amnesia" (TubThumping) -
>>----------------------------------------------------------------------
>>
>>--
>
>The thing here, is that what I am actually seeing is a TON of
>ggp(3) pokes to/from my Fedora box and others on the Internet
>are seemingly using the same ggp back at my Fedora(v8) box.
>
>So, I guess it really isn't ICMP(1) - but rather it is GGP(3)
>that seems to be flying around. This protocol is blocked
>completely by my firewall applicance by default.
>
>So, what IS this gpp(3) really? My logs are just getting
>filled with this blocked protocol message.
>
>Not a BIG deal I think, but wondered how I could prevent
>this log message out of my log files.
>
uh, I need to be clear here...
Here is what the log message says:
12/05/2007 16:34:40.288 ICMP packet dropped 10.1.0.143, 3, LAN 192.128.167.77, 3, WAN
============================================================^===========================^
So, it is an ICMP packet, but what is "3" ????
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 12/4/2007 7:31 PM
More information about the users
mailing list