On Wed, 2007-12-05 at 16:59 -0800, Daniel B. Thurman wrote:
> Rick Stevens wrote:
>
> >Sent: Wednesday, December 05, 2007 4:32 PM
> >To: For users of Fedora
> >Subject: Re: Questions about ICMP
> >
> >
> >On Wed, 2007-12-05 at 19:21 -0500, Sam Varshavchik wrote:
> >> Daniel B. Thurman writes:
> >>
> >> > Craig White wrote:
> >> >
> >> >>Sent: Wednesday, December 05, 2007 3:33 PM
> >> >>To: For users of Fedora
> >> >>Subject: Re: Questions about ICMP
> >> >>
> >> >>
> >> >>On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
> >> >>> Should ICMP packets be allowed both over the
> >> >>> Internet or should it be allowed to pass only in
> >> >>> the local networks?
> >> >>>
> >> >>> I have a firewall appliance and trying to make sure
> >> >>> that I am being secured properly.
> >> >>----
> >> >>disabling icmp echo requests is a great feature for the
> >> >>ultra-paranoid
> >> >
> >> > So... am I to read this as it is a good idea to disable all icmp
> >> > requests? I get a LOT of ICMP requests from the Internet probing
> >> > at my ports, which are disabled. This is a good idea?
> >>
> >> As the man said: only if you're ultra-paranoid, and live in
> >> a perpetual fear of Internet boogey-men.
> >
> >Hey, man, just because I'm paranoid doesn't mean they AIN'T out to
> >get me! :-)
> >
> >----------------------------------------------------------------------
> >- Rick Stevens, Principal Engineer             rstevens@xxxxxxxxxxxx -
> >- CDN Systems, Internap, Inc.                http://www.internap.com -
> >-                                                                    -
> >-  "Do you suffer from long-term memory loss?"  "I don't remember"   -
> >-            -- Chumbawumba, "Amnesia" (TubThumping)                 -
> >----------------------------------------------------------------------
> >
> >--
>
> The thing here, is that what I am actually seeing is a TON of
> ggp(3) pokes to/from my Fedora box and others on the Internet
> are seemingly using the same ggp back at my Fedora(v8) box.
>
> So, I guess it really isn't ICMP(1) - but rather it is GGP(3)
> that seems to be flying around. This protocol is blocked
> completely by my firewall appliance by default.
>
> So, what IS this ggp(3) really? My logs are just getting
> filled with this blocked protocol message.

ggp is a routing protocol (gateway-gateway protocol). It's related to
RIP and basically obsolete. My guess is that a) your ISP is using some
rather old stuff or b) it's a hack attempt masquerading as a ggp
session. You might let your ISP know you're seeing these packets and
it's not a good thing.

> Not a BIG deal I think, but wondered how I could prevent
> this log message out of my log files.

Yeah, you can if it's being blocked and logged by iptables. Look in
/etc/sysconfig/iptables and look for the string "-j LOG". Any rule
with that in it will log the packet info. They're safe to remove as
all they do is log.

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens@xxxxxxxxxxxx -
- CDN Systems, Internap, Inc.                http://www.internap.com -
-                                                                    -
-          The gene pool could use a little chlorine.                -
----------------------------------------------------------------------
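
The "-j LOG" check from the reply above, as an added example that is not part of the original message: it lists the LOG rules in a ruleset in /etc/sysconfig/iptables format and writes a copy without them, so the diff shows that only logging lines go away. The ruleset, its chain name and its rules are constructed for illustration, and `sample_rules` and `log_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample ruleset in iptables-save format (assumption: your real
# /etc/sysconfig/iptables will differ). "-p 3" is protocol number 3, GGP.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p 3 -j LOG --log-prefix "blocked-ggp: "
-A RH-Firewall-1-INPUT -p 3 -j DROP
-A RH-Firewall-1-INPUT -j LOG --log-prefix "blocked: "
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# usage: log_rules list|strip FILE
#   list  -> "line-number: rule" for each appended rule whose target is LOG
#   strip -> the ruleset with those rules left out, everything else untouched
log_rules() {
    awk -v mode="$1" '
        { is_log = 0 }
        $1 == "-A" {
            # Match the target as two adjacent tokens so chain names or
            # prefixes that merely contain "LOG" are not caught.
            for (i = 2; i < NF; i++)
                if (($i == "-j" || $i == "--jump") && $(i + 1) == "LOG") is_log = 1
        }
        mode == "list"  && is_log  { print NR ": " $0 }
        mode == "strip" && !is_log { print }
    ' "$2"
}

# Demo on the constructed sample; the DROP and REJECT rules must survive.
rules=$(mktemp); sample_rules > "$rules"
echo "LOG rules found:"; log_rules list "$rules"
echo "Lines that removal would delete:"
log_rules strip "$rules" | diff "$rules" - || true
rm -f "$rules"
```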