..as I stated in the post above, it did work.
Every time I reboot, the value is changed back to 0.
Should I write a bash script to run:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
at startup? That would be like putting a bandaid on it though.
Anyone know why the value is changing back and how to stop it?
I've changed the value back and rebooted 3 times.
I have logged 151 IPs issuing the "ICMP PING CyberKit 2.2 Windows" "ping" just today! This looks like a worm knocking at my door.
So yes, "it's just a ping dude", but why? To see if a possibly exploitable host is up? Probably. I wouldn’t mind a few pings here & there but 151?!? Sounds automated.
I am in the same boat with IPCOP and the suggestions posted above have been great. I have another related question. Is there a way to block only icmp pings to the external (red) interface but still allow them to the internal? Right now I have all icmp being dropped but would like to keep icmp connectivity internally.
Here's what I found out on the freaking "ICMP PING CyberKit 2.2 Windows" issue.
Snort incorrectly detects hits from the Welchia worm (aka MSBlast.D, Lovsan.D, Nachi) as "ICMP PING CyberKit 2.2 Windows" hits.
Smoothwall is blocking this crap, as long as you are not forwarding port 135 you'll be ok, BUT, your d@mn logs keep filling up. (At least it was a problem for me.)
To stop Smoothwall from logging these hits on port 135,
After the line:
iptables -P OUTPUT ACCEPT
# drop hits from Blaster worm
iptables -A INPUT -p TCP -i $RED_DEV --dport 135 -s 0/0 -j DROP
This wasn't as big of a problem as the "ICMP PING CyberKit 2.2 Windows" filling up my logs though.
To stop Snort from logging these hits, edit /usr/local/lib/snort/icmp.rules
and comment out the line relating to CyberKit (line 29 in 2b5).
You comment out like this:
# this is a comment
To clear the Snort logs, do this:
echo > /var/log/snort/alert
rm -Rf /var/log/snort/*.*.*.*
To clear the firewall logs, do this:
echo > /var/log/messages
To clear old snort & firewall logs, do this:
rm -f /var/log/messages.*
rm -f /var/log/snort/alert.*
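
Before the CyberKit rule is commented out and /var/log/snort/alert is emptied as described above, the sources behind those hits can be tallied from the alert file. The script below is an added example, not part of any post in this thread; it assumes Snort's "full" alert layout, and the function names and the sample alerts (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally Snort alerts per source address before the log is emptied.
# Assumes the "full" alert layout: a "[**] [gid:sid:rev] message [**]" header,
# then a "MM/DD-HH:MM:SS.usec SRC -> DST" line a little further down.

# alert_sources FILE [MESSAGE]: print "COUNT SRC" lines, busiest source first.
alert_sources() {
    awk -v msg="${2:-ICMP PING CyberKit 2.2 Windows}" '
        /^\[\*\*\]/ { want = (index($0, msg) > 0); next }  # header of a new alert
        want && / -> / {                 # address line of a matching alert
            src = $2
            sub(/:[0-9]+$/, "", src)     # strip ":port" (IPv4 TCP/UDP alerts)
            hits[src]++
            want = 0
        }
        END { for (s in hits) print hits[s], s }
    ' "$1" | sort -k1,1nr -k2,2
}

# unique_source_count FILE [MESSAGE]: number of distinct source addresses.
unique_source_count() {
    alert_sources "$@" | wc -l | tr -d ' '
}

# sample_alerts: constructed, trimmed alerts using documentation-range addresses.
sample_alerts() {
    cat <<'EOF'
[**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**]
[Classification: Misc activity] [Priority: 3]
08/19-14:02:11.104233 198.51.100.7 -> 192.0.2.10

[**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**]
[Classification: Misc activity] [Priority: 3]
08/19-14:02:13.550121 203.0.113.44 -> 192.0.2.10

[**] [1:469:1] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
08/19-14:03:40.001245 203.0.113.99 -> 192.0.2.10

[**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**]
[Classification: Misc activity] [Priority: 3]
08/19-14:05:02.918834 198.51.100.7 -> 192.0.2.10
EOF
}

# With a file argument, summarise it: sh tally.sh /var/log/snort/alert
if [ -n "${1:-}" ]; then alert_sources "$1"; fi
```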