Hi,

On 23-Aug-01 Togan Muftuoglu wrote:
Hi,
I had sent email to the list before with the firewall denying the icmp request coming from 10.14.9.254 to my internet address
However for the last 30 minutes or more this has become a real pain and it's like DoS as I cannot visit websites nor can do ftp downloads and the mail traffic has become extremely slow.
This is the same log I sent to the ISP (can't say they are helpful yet)
The denied packets are ICMP type 3 code 1/3 (host/port unreachable). The ip 10.14.9.254 is an address from the private class A ip block (10.0.0.0 - 10.255.255.255/255.0.0.0), and due to the fact that the TTL of these packets is 254, the host/router which sends these packets is not far away from you I think. In this case (if no spoofing is involved), I suppose there's some kind of border router/point-of-presence of your ISP trying to tell your host that it/other hosts is/are not reachable. You should never block ICMP type 3 on your firewall since TCP sometimes relies on these error messages to work correctly.
1) What can I do to minimize the effect?
Close your connection, open your firewall to ICMP type 3, restart your pppoed, bring up the firewall again and look what happens... ;) [...]
Thx
-- Togan Muftuoglu
Security Violations
=-=-=-=-=-=-=-=-=-=
Aug 23 11:29:29 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.226:1 L=56 S=0x00 I=38076 F=0x0000 T=254 (#3)
Aug 23 11:31:11 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.226:1 L=56 S=0x00 I=60371 F=0x0000 T=254 (#3)
Aug 23 11:32:43 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 10.14.9.254:3 212.156.197.226:1 L=56 S=0x00 I=23903 F=0x0000 T=254 (#3)
[...]
---
Boris Lorenz
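
The reading of the log given in the reply above (ICMP type and code taken from the ":n" fields, private source address, TTL close to 255) can be reproduced mechanically. The following is an added example, not part of the original message: the function name `analyse`, the initial-TTL heuristic and the second sample line are assumptions made for illustration.

```python
import ipaddress
import re

# ipchains "Packet log" entry. For PROTO=1 (ICMP) the two ":n" fields are
# the ICMP type (after the source) and code (after the destination).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<type>\d+) "
    r"(?P<dst>[\d.]+):(?P<code>\d+) .*?\bT=(?P<ttl>\d+)"
)

# Destination-unreachable (type 3) codes from RFC 792.
UNREACH = {0: "net unreachable", 1: "host unreachable",
           2: "protocol unreachable", 3: "port unreachable",
           4: "fragmentation needed and DF set", 5: "source route failed"}

# Assumption: the sender started from one of the usual initial TTLs.
INITIAL_TTLS = (64, 128, 255)

def analyse(line):
    """Decode one ipchains ICMP log line; return None for anything else."""
    m = LOG_RE.search(line)
    if not m or m["proto"] != "1":
        return None
    icmp_type, code, ttl = int(m["type"]), int(m["code"]), int(m["ttl"])
    meaning = UNREACH.get(code, "other") if icmp_type == 3 else "not type 3"
    return {
        "src": m["src"],
        "src_private": ipaddress.ip_address(m["src"]).is_private,
        "icmp": (icmp_type, code),
        "meaning": meaning,
        # Heuristic distance: nearest common initial TTL minus observed TTL.
        "hops": min(t for t in INITIAL_TTLS if t >= ttl) - ttl,
        # A denied type 3 message is an error report the stack never saw.
        "dropped_error": m["verdict"] == "DENY" and icmp_type == 3,
    }

# First entry is copied from the log in the message; second is constructed.
SAMPLE = [
    "Aug 23 11:29:29 gardiyan kernel: Packet log: input DENY ppp0 PROTO=1 "
    "10.14.9.254:3 212.156.197.226:1 L=56 S=0x00 I=38076 F=0x0000 T=254 (#3)",
    "Aug 23 11:40:00 gardiyan kernel: Packet log: input DENY ppp0 PROTO=6 "
    "192.0.2.7:4021 212.156.197.226:23 L=60 S=0x00 I=100 F=0x4000 T=52 (#5)",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(analyse(entry))
```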