LinuxQuestions.org


bala.linuxtech 12-28-2012 12:17 AM

How to find out who is pinging me?
 
Hi Geeks

I would like to know how to find out who is pinging/pinged my Linux system. Please guide me to get an answer to this question.

Thanks in advance

Regards
Bala.Linuxtech

azenenc 12-28-2012 01:07 AM

I used to use Netstat to find out: (Command is "netstat --inet6 -c -e -p -a")
Today all I do is to check my router's log. And OF COURSE I have a homemade linux router :)

tshikose 12-28-2012 01:11 AM

Hi,

Put a line like the below in /etc/sysconfig/iptables.

Code:

-A INPUT -p icmp --icmp-type echo-request -j LOG --log-prefix "LOG_IPTABLES_PING_REQUEST: "

You need to insert that line at the right place.
If you cannot identify where, post back your /etc/sysconfig/iptables.


Then later
Code:

grep 'LOG_IPTABLES_PING_REQUEST: ' /var/log/messages

bala.linuxtech 12-28-2012 01:35 AM

Quote:

Originally Posted by tshikose (Post 4858224)
Hi,

Put a line like the below in /etc/sysconfig/iptables.

Code:

-A INPUT -p icmp --icmp-type echo-request -j LOG --log-prefix "LOG_IPTABLES_PING_REQUEST: "

You need to insert that line at the right place.
If you cannot identify where, post back your /etc/sysconfig/iptables.


Then later
Code:

grep 'LOG_IPTABLES_PING_REQUEST: ' /var/log/messages

Hi tshikose

Thanks, it's interesting, but I don't know where I should insert this line. This is my iptables file; please guide me to resolve this. Thanks


# Generated by iptables-save v1.3.5 on Thu Dec 27 23:24:41 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [15137:3829777]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p icmp --icmp-type echo-request -j LOG --log-prefix "LOG_IPTABLES_PING_REQUEST: "
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Dec 27 23:24:41 2012

tshikose 12-28-2012 02:37 AM

Hi,

No problem, here we go.

Code:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [15137:3829777]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
# I have removed the line here, that I had suggested and that you had inserted here. I have inserted it just before the ICMP rule below in RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type echo-request -j LOG --log-prefix "LOG_IPTABLES_PING_REQUEST: "
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Of course, you will also need to restart the iptables service with
Code:

service iptables restart

Note that your system will still reply to ping requests; what is added is just a logging capability.
To log and then to block (without any information sent back to the requester), you can add a line like the below after the logging line.

Code:

-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type echo-request -j LOG --log-prefix "LOG_IPTABLES_PING_REQUEST: "
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type echo-request -j DROP



All times are GMT -5.