Questions about ICMP
Rick Stevens
rstevens at internap.com
Thu Dec 6 01:12:04 UTC 2007
On Wed, 2007-12-05 at 16:59 -0800, Daniel B. Thurman wrote:
> Rick Stevens wrote:
>
> >Sent: Wednesday, December 05, 2007 4:32 PM
> >To: For users of Fedora
> >Subject: Re: Questions about ICMP
> >
> >
> >On Wed, 2007-12-05 at 19:21 -0500, Sam Varshavchik wrote:
> >> Daniel B. Thurman writes:
> >>
> >> > Craig White wrote:
> >> >
> >> >>Sent: Wednesday, December 05, 2007 3:33 PM
> >> >>To: For users of Fedora
> >> >>Subject: Re: Questions about ICMP
> >> >>
> >> >>
> >> >>On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
> >> >>> Should ICMP packets be allowed both over the
> >> >>> Internet or should it be allowed to pass only in
> >> >>> the local networks?
> >> >>>
> >> >>> I have a firewall appliance and trying to make sure
> >> >>> that I am being secured properly.
> >> >>----
> >> >>disabling icmp echo requests is a great feature for the
> >ultra-paranoid
> >> >
> >> > So... am I to read this as it is a good idea to disable all icmp
> >> > requests? I get a LOT of ICMP requests from the Internet probing
> >> > at my ports, which are disabled. This is a good idea?
> >>
> >> As the man said: only if you're ultra-paranoid, and live in
> >a perpetual fear
> >> of Internet boogey-men.
> >
> >Hey, man, just because I'm paranoid doesn't mean they AIN'T out to
> >get me! :-)
> >
> >----------------------------------------------------------------------
> >- Rick Stevens, Principal Engineer rstevens at internap.com -
> >- CDN Systems, Internap, Inc. http://www.internap.com -
> >- -
> >- "Do you suffer from long-term memory loss?" "I don't remember" -
> >- -- Chumbawumba, "Amnesia" (TubThumping) -
> >----------------------------------------------------------------------
> >
> >--
>
> The thing here, is that what I am actually seeing is a TON of
> ggp(3) pokes to/from my Fedora box and others on the Internet
> are seemingly using the same ggp back at my Fedora(v8) box.
>
> So, I guess it really isn't ICMP(1) - but rather it is GGP(3)
> that seems to be flying around. This protocol is blocked
> completely by my firewall applicance by default.
>
> So, what IS this gpp(3) really? My logs are just getting
> filled with this blocked protocol message.
ggp is a routing protocol (gateway-gateway protocol). It's related
to RIP and basically obsolete. My guess is that a) your ISP is using
some rather old stuff or b) it's a hack attempt masquerading as a ggp
session. You might let your ISP know you're seeing these packets and
it's not a good thing.
> Not a BIG deal I think, but wondered how I could prevent
> this log message out of my log files.
Yeah, you can if it's being blocked and logged by iptables. Look
in /etc/sysconfig/iptables and look for the string "-j LOG". Any
rule with that in it will log the packet info. They're safe to remove
as all they do is log.
----------------------------------------------------------------------
- Rick Stevens, Principal Engineer rstevens at internap.com -
- CDN Systems, Internap, Inc. http://www.internap.com -
- -
- The gene pool could use a little chlorine. -
----------------------------------------------------------------------
More information about the fedora-list
mailing list