LinuxQuestions.org
Old 09-02-2003, 02:22 PM   #1
wfhoney
LQ Newbie
 
Registered: Aug 2003
Location: NorCal
Distribution: woody+rhel
Posts: 7
Thanked: 0
Port 0 (icmp,eth0,input) 7 packets


I have a lot of rejected packets going to Port 0, mostly in multiples of 7.

Can anyone explain what these are, or better still, how to set up a rule in ipchains which would allow them to be dropped gracefully (i.e. not hit my default rule which logs)?

Thanks in advance!

----------- snip -------------
Rejected packets from n146-109-141-208.tranquility.net (208.141.109.146).
Port 0 (icmp,eth0,input): 7 packet(s).
Total of 7 packet(s).

Rejected packets from fc-pm6-07.enetis.net (208.141.217.198).
Port 0 (icmp,eth0,input): 7 packet(s).
Total of 7 packet(s).

Rejected packets from s38.pm6.ovis.net (208.140.192.246).
Port 0 (icmp,eth0,input): 7 packet(s).
Total of 7 packet(s).
-------- end snip ----------
Old 09-02-2003, 02:38 PM   #2
m0rl0ck
Member
 
Registered: Nov 2002
Distribution: A totally 133t distro :)
Posts: 358
Thanked: 0
They're ping (icmp) packets. Could be someone scanning you and using bogus IPs, probably the case if you're getting a lot of them at the same time.

Put the following in a shell script:
----------------------------------------
# Disable response to ping.
/bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all


# Disable response to broadcasts.
/bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts


# Disable ICMP redirects.
/bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects


# Log spoofed packets, source routed packets, redirect packets.
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
---------------------------------------------------------------

And run it. Should take care of it.

Last edited by m0rl0ck; 09-02-2003 at 02:40 PM..
m0rl0ck is offline     Reply With Quote
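
A read-only check for the four kernel settings written in post #2, added here as an example and not part of any poster's message. The function name `audit_icmp_settings` and the `PROC_ROOT` override are made up for this example; the paths and expected values are the ones in the script above.

```shell
#!/bin/sh
# Added example: compare the running kernel's ICMP-related settings with
# the values the script in post #2 writes. Nothing is modified.
# PROC_ROOT is a hypothetical override (not a kernel or distro variable)
# so the check can be pointed at a copy of the tree.

# "relative path=expected value", as set in post #2.
ICMP_SETTINGS='icmp_echo_ignore_all=1
icmp_echo_ignore_broadcasts=1
conf/all/accept_redirects=0
conf/all/log_martians=1'

# Print one status line per setting and return the number of settings
# that are missing or differ from the expected value (0 = all match).
audit_icmp_settings() {
    root=${1:-${PROC_ROOT:-/proc/sys/net/ipv4}}
    bad=0
    for entry in $ICMP_SETTINGS; do
        key=${entry%%=*}
        want=${entry#*=}
        if [ ! -r "$root/$key" ]; then
            echo "MISSING  $key (expected $want)"
            bad=$((bad + 1))
            continue
        fi
        # Each file holds a single value followed by a newline.
        read -r have < "$root/$key" || true
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "DIFFERS  $key = $have (expected $want)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Usage once this file is sourced:  audit_icmp_settings
```

Values written with `echo` into `/proc/sys` last only until the next reboot, so a non-zero result after a restart usually means the script was not re-run at boot.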
Old 09-02-2003, 03:06 PM   #3
wfhoney
LQ Newbie
 
Registered: Aug 2003
Location: NorCal
Distribution: woody+rhel
Posts: 7
Thanked: 0

Original Poster
Good advice

Thanks m0rl0ck!

I had enabled ICMP for the convenience of some users.
Old 09-02-2003, 04:10 PM   #4
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467
Thanked: 0
Check the ICMP parameters list (IANA) for more details!