On Sat, 2010-01-30 at 20:00 +0100, Verner Kjærsgaard wrote:
Hi list,
- I've got an openSuSE 11.0 with an Apache webserver. - From my ASTARO firewall, I see a pile of outgoing trafic, repeated 24/7 every minute. My Firewall is blocking it..., anyone know what it is?
17:57:13 Default DROP ICMP 192.168.0.6 210.163.43.1 len=1044
17:57:23 Default DROP ICMP 192.168.0.6 212.110.79.74 len=1044
Read the above like this...from 192.168.0.6 it's pinging with a large packet to the two external IP's shown.
ICMP is more than just ping, and in the above you don't say if it is ICMP ECHO, it could for example be ICMP ECHO REPLY (a response to a ping), or an ICMP TIME EXCEEDED message (a response to a traceroute for example), or any one of several useful ICMP messages. ICMP is the error handling protocol of the internet, and simply blocking it could lead to unforeseen problems. In this case, if you really don't want to allow the traffic, you should at least try to see what the ICMP message is. 1044 is not a normal size for a ping packet, it's much bigger than usual Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org