ipchains: unknown ICMP requests ...
Hi there, we're using ipchains as firewall. Everything seems to be fine, but now and then, we're getting ICMP requests (PROTO=1) from low ports (1-8) to our webservers at ports 0 or 1. I can't figure out, what's the matter with this requests, it doesn't seem to hurt anyone, that the requests are blocked by our firewall. Is there any intelligent DENY-rule for this sort of requests ? bye, P. -- Dr. Patrick Frisch A.I.S. Angewandte Informations-Systeme GmbH Tel.: +49-234-9734-542 Fax.: +49-234-9734-520
Patrick Frisch wrote:
Looks like an ordinary ping to your web server (at least from port 8 to port 0). juri -- juri.haberland@innominate.de system engineer innominate AG clustering & security networking people phone: +49-30-308806-45 fax: -77 web: http://innominate.de
Hi, ICMP does not use any port, the number following the IP address reffers to the type of ICMP request/reply, eg: 8 - echo-request 0 - echo-reply 3 - destination-unreacheable 11 - time-exceeded ... []s, Bráulio Weimann Gergull ----- Original Message ----- From: Patrick Frisch <p.frisch@ais-gmbh.de> To: <suse-security@suse.com> Sent: Thursday, July 13, 2000 3:25 AM Subject: [suse-security] ipchains: unknown ICMP requests ... Hi there, we're using ipchains as firewall. Everything seems to be fine, but now and then, we're getting ICMP requests (PROTO=1) from low ports (1-8) to our webservers at ports 0 or 1. I can't figure out, what's the matter with this requests, it doesn't seem to hurt anyone, that the requests are blocked by our firewall. Is there any intelligent DENY-rule for this sort of requests ? bye, P. -- Dr. Patrick Frisch A.I.S. Angewandte Informations-Systeme GmbH Tel.: +49-234-9734-542 Fax.: +49-234-9734-520 --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Patrick Frisch wrote:
Looks like an ordinary ping to your web server (at least from port 8 to port 0). juri -- juri.haberland@innominate.de system engineer innominate AG clustering & security networking people phone: +49-30-308806-45 fax: -77 web: http://innominate.de
Hi, ICMP does not use any port, the number following the IP address reffers to the type of ICMP request/reply, eg: 8 - echo-request 0 - echo-reply 3 - destination-unreacheable 11 - time-exceeded ... []s, Bráulio Weimann Gergull ----- Original Message ----- From: Patrick Frisch <p.frisch@ais-gmbh.de> To: <suse-security@suse.com> Sent: Thursday, July 13, 2000 3:25 AM Subject: [suse-security] ipchains: unknown ICMP requests ... Hi there, we're using ipchains as firewall. Everything seems to be fine, but now and then, we're getting ICMP requests (PROTO=1) from low ports (1-8) to our webservers at ports 0 or 1. I can't figure out, what's the matter with this requests, it doesn't seem to hurt anyone, that the requests are blocked by our firewall. Is there any intelligent DENY-rule for this sort of requests ? bye, P. -- Dr. Patrick Frisch A.I.S. Angewandte Informations-Systeme GmbH Tel.: +49-234-9734-542 Fax.: +49-234-9734-520 --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (3)
-
Br�ulio Gergull -
Juri Haberland -
Patrick Frisch