Questions about ICMP

Rick Stevens rstevens at internap.com
Thu Dec 6 01:12:04 UTC 2007


On Wed, 2007-12-05 at 16:59 -0800, Daniel B. Thurman wrote:
> Rick Stevens wrote:
> 
> >Sent: Wednesday, December 05, 2007 4:32 PM
> >To: For users of Fedora
> >Subject: Re: Questions about ICMP
> >
> >
> >On Wed, 2007-12-05 at 19:21 -0500, Sam Varshavchik wrote:
> >> Daniel B. Thurman writes:
> >> 
> >> > Craig White wrote:
> >> > 
> >> >>Sent: Wednesday, December 05, 2007 3:33 PM
> >> >>To: For users of Fedora
> >> >>Subject: Re: Questions about ICMP
> >> >>
> >> >>
> >> >>On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
> >> >>> Should ICMP packets be allowed both over the
> >> >>> Internet or should it be allowed to pass only in
> >> >>> the local networks?
> >> >>> 
> >> >>> I have a firewall appliance and trying to make sure
> >> >>> that I am being secured properly.
> >> >>----
> >> >>disabling icmp echo requests is a great feature for the ultra-paranoid
> >> > 
> >> > So... am I to read this as it is a good idea to disable all icmp
> >> > requests?  I get a LOT of ICMP requests from the Internet probing
> >> > at my ports, which are disabled.  This is a good idea?
> >> 
> >> As the man said: only if you're ultra-paranoid, and live in a perpetual fear
> >> of Internet boogey-men.
> >
> >Hey, man, just because I'm paranoid doesn't mean they AIN'T out to
> >get me!  :-)
> >
> >----------------------------------------------------------------------
> >- Rick Stevens, Principal Engineer             rstevens at internap.com -
> >- CDN Systems, Internap, Inc.                http://www.internap.com -
> >-                                                                    -
> >-   "Do you suffer from long-term memory loss?"  "I don't remember"  -
> >-                            -- Chumbawumba, "Amnesia" (TubThumping) -
> >----------------------------------------------------------------------
> >
> >-- 
> 
> The thing here, is that what I am actually seeing is a TON of
> ggp(3) pokes to/from my Fedora box and others on the Internet
> are seemingly using the same ggp back at my Fedora(v8) box.
> 
> So, I guess it really isn't ICMP(1) - but rather it is GGP(3)
> that seems to be flying around.  This protocol is blocked
> completely by my firewall appliance by default.
> 
> So, what IS this ggp(3) really?  My logs are just getting
> filled with this blocked protocol message.

ggp is a routing protocol (gateway-gateway protocol).  It's related
to RIP and basically obsolete.  My guess is that a) your ISP is using
some rather old stuff or b) it's a hack attempt masquerading as a ggp
session.  You might let your ISP know you're seeing these packets and
it's not a good thing.

> Not a BIG deal I think, but wondered how I could prevent
> this log message out of my log files.

Yeah, you can if it's being blocked and logged by iptables.  Look
in /etc/sysconfig/iptables and look for the string "-j LOG".  Any
rule with that in it will log the packet info.  They're safe to remove
as all they do is log.

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens at internap.com -
- CDN Systems, Internap, Inc.                http://www.internap.com -
-                                                                    -
-            The gene pool could use a little chlorine.              -
----------------------------------------------------------------------
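
Added example (not part of the message above or of any Fedora tooling): rather than deleting every "-j LOG" rule, this sketch lists the logging rules in an iptables-save style file and emits a copy with a silent DROP for IP protocol 3 (GGP) placed ahead of the first LOG rule in each chain, so only that noise leaves the logs. The sample ruleset is constructed and the function names are hypothetical; it assumes protocol 3 is meant to be dropped in those chains anyway.

```shell
#!/bin/sh
# Added example: filters an iptables-save style ruleset on stdin.
# Work on a copy of /etc/sysconfig/iptables and review the result before loading it.

# Constructed sample in the format of /etc/sysconfig/iptables (not from the thread).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j LOG --log-prefix "BLOCKED: "
-A INPUT -j DROP
-A FORWARD -j LOG --log-prefix "FWD: "
-A FORWARD -j DROP
COMMIT
EOF
}

# Print every logging rule with its line number, so each can be reviewed
# individually instead of removing them all.
list_log_rules() {
    awk '$1 == "-A" && / -j LOG( |$)/ { print NR ": " $0 }'
}

# Emit the ruleset with "-A <chain> -p <proto> -j DROP" inserted before the
# first LOG rule of each chain. $1 is the IP protocol number (3 = ggp).
# Packets of that protocol are dropped before they reach the LOG rule;
# all other logging is left intact.
quiet_protocol() {
    awk -v proto="$1" '
        $1 == "-A" && / -j LOG( |$)/ && !($2 in seen) {
            print "-A " $2 " -p " proto " -j DROP"
            seen[$2] = 1
        }
        { print }'
}

# Demonstration on the constructed sample.
sample_rules | list_log_rules
sample_rules | quiet_protocol 3
```
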



