Daniel B. Thurman wrote: > Rick Stevens wrote: >> Sam Varshavchik wrote: >>> Daniel B. Thurman writes: >>> > Craig White wrote: >>> > >>> >>Sent: Wednesday, December 05, 2007 3:33 PM >>> >>To: For users of Fedora >>> >>Subject: Re: Questions about ICMP >>> >> >>> >> >>> >>On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote: >>> >>> Should ICMP packets be allowed both over the >>> >>> Internet or should it be allowed to pass only in >>> >>> the local networks? >>> >>> >>> >>> I have a firewall appliance and trying to make sure >>> >>> that I am being secured properly. >>> >>---- >>> >>disabling icmp echo requests is a great feature for the >>ultra-paranoid >>> > >>> > So... am I to read this as it is a good idea to disable all icmp >>> > requests? I get a LOT of ICMP requests from the Internet probing >>> > at my ports, which are disabled. This is a good idea? >>> >>> As the man said: only if you're ultra-paranoid, and live in >>a perpetual fear >>> of Internet boogey-men. >> >>Hey, man, just because I'm paranoid doesn't mean they AIN'T out to >>get me! :-) >> >>---------------------------------------------------------------------- >>- Rick Stevens, Principal Engineer rstevens@xxxxxxxxxxxx - >>- CDN Systems, Internap, Inc. http://www.internap.com - >>- - >>- "Do you suffer from long-term memory loss?" "I don't remember" - >>- -- Chumbawumba, "Amnesia" (TubThumping) - >>---------------------------------------------------------------------- >> >>-- > >The thing here, is that what I am actually seeing is a TON of >ggp(3) pokes to/from my Fedora box and others on the Internet >are seemingly using the same ggp back at my Fedora(v8) box. > >So, I guess it really isn't ICMP(1) - but rather it is GGP(3) >that seems to be flying around. This protocol is blocked >completely by my firewall applicance by default. > >So, what IS this gpp(3) really? My logs are just getting >filled with this blocked protocol message. > >Not a BIG deal I think, but wondered how I could prevent >this log message out of my log files. > uh, I need to be clear here... Here is what the log message says: 12/05/2007 16:34:40.288 ICMP packet dropped 10.1.0.143, 3, LAN 192.128.167.77, 3, WAN ============================================================^===========================^ So, it is an ICMP packet, but what is "3" ???? No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 12/4/2007 7:31 PM
