Daniel B. Thurman wrote: > Daniel B. Thurman wrote: > >> Rick Stevens wrote: >>> Sam Varshavchik wrote: >>>> Daniel B. Thurman writes: >>>>> Craig White wrote: >>>>> >>>>>> Sent: Wednesday, December 05, 2007 3:33 PM >>>>>> To: For users of Fedora >>>>>> Subject: Re: Questions about ICMP >>>>>> >>>>>> >>>>>> On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote: >>>>>>> Should ICMP packets be allowed both over the >>>>>>> Internet or should it be allowed to pass only in >>>>>>> the local networks? >>>>>>> >>>>>>> I have a firewall appliance and trying to make sure >>>>>>> that I am being secured properly. >>>>>> ---- >>>>>> disabling icmp echo requests is a great feature for the >>> ultra-paranoid >>>>> So... am I to read this as it is a good idea to disable all icmp >>>>> requests? I get a LOT of ICMP requests from the Internet probing >>>>> at my ports, which are disabled. This is a good idea? >>>> As the man said: only if you're ultra-paranoid, and live in >>> a perpetual fear >>>> of Internet boogey-men. >>> Hey, man, just because I'm paranoid doesn't mean they AIN'T out to >>> get me! :-) >>> >>> ---------------------------------------------------------------------- >>> - Rick Stevens, Principal Engineer rstevens@xxxxxxxxxxxx - >>> - CDN Systems, Internap, Inc. http://www.internap.com - >>> - - >>> - "Do you suffer from long-term memory loss?" "I don't remember" - >>> - -- Chumbawumba, "Amnesia" (TubThumping) - >>> ---------------------------------------------------------------------- >>> >>> -- >> The thing here, is that what I am actually seeing is a TON of >> ggp(3) pokes to/from my Fedora box and others on the Internet >> are seemingly using the same ggp back at my Fedora(v8) box. >> >> So, I guess it really isn't ICMP(1) - but rather it is GGP(3) >> that seems to be flying around. This protocol is blocked >> completely by my firewall applicance by default. >> >> So, what IS this gpp(3) really? My logs are just getting >> filled with this blocked protocol message. >> >> Not a BIG deal I think, but wondered how I could prevent >> this log message out of my log files. >> > > uh, I need to be clear here... > > Here is what the log message says: > > 12/05/2007 16:34:40.288 ICMP packet dropped 10.1.0.143, 3, LAN 192.128.167.77, 3, WAN > ============================================================^===========================^ > So, it is an ICMP packet, but what is "3" ???? Type 3 is "Destination unreachable"