ping: sendmsg: Operation not permitted on certain websites/domains

shayno90 · 11-14-2012, 08:12 AM

Running FIAIF on debian lenny.

Cannot ping (as root) certain domains/websites:

ping -c4 openvas.org
PING openvas.org (5.9.98.186) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

--- openvas.org ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3024ms

ping -c4 snort.org
PING snort.org (23.23.143.164) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

--- snort.org ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3023ms

ping -c4 paypal.com
PING paypal.com (66.211.169.66) 56(84) bytes of data.

--- paypal.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms

Works normally for other domains/websites:

ping -c4 google.com
PING google.com (74.125.24.101) 56(84) bytes of data.
64 bytes from de-in-f101.1e100.net (74.125.24.101): icmp_req=1 ttl=55 time=6.44 ms
64 bytes from de-in-f101.1e100.net (74.125.24.101): icmp_req=2 ttl=55 time=7.38 ms
64 bytes from de-in-f101.1e100.net (74.125.24.101): icmp_req=3 ttl=55 time=6.64 ms
64 bytes from de-in-f101.1e100.net (74.125.24.101): icmp_req=4 ttl=55 time=6.75 ms

--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 6.442/6.804/7.385/0.366 ms

Adjusted rule in FIAIF for ICMP:
INPUT:
#INPUT[0]="ACCEPT icmp fragmentation-needed 0.0.0.0/0=>0.0.0.0/0"
INPUT[0]="ACCEPT icmp echo-request 0.0.0.0/0=>0.0.0.0/0"

OUTPUT:
OUTPUT[0]="ACCEPT ALL 0.0.0.0/0=>0.0.0.0/0"

FORWARD:
#FORWARD[0]="ALL ACCEPT icmp fragmentation-needed 0.0.0.0/0=>0.0.0.0/0"
FORWARD[0]="ALL ACCEPT icmp echo-request 0.0.0.0/0=>0.0.0.0/0"

Restarted FIAIF:
/etc/init.d/fiaif restart

I keep getting the same result as above. Any ideas as not much documentation onlin on FIAIF.

Do I need to run this command also?:
#/usr/sbin/fiaif-update update

Does it update the reserved-network file or the fiaif package?

Thanks.

malekmustaq · 11-14-2012, 08:30 AM

What are you doing... some sites do not respond to ping signals, they are just dropped, for certain reasons they have. Their firewalls are configured to drop identified UDP packets intentionally so you will never hear from them: as if as they don't exist.

If a server doesn't return your packet that probably indicates: "Please don't disturb."

Anyway you have successfully ping-ged google.com, that should be enough. If you want to ping more, ping your providers' DNS servers, that manner at least you have confined it within your subnet.

How to guess which is your DNS (if not given by the ISP)? Use traceroute... the ones within 2-3 hops are "usually" within your subnet. Ping them. Save the bandwidth for important traffics in the internet.

Hope that helps.

Good luck.

shayno90 · 11-14-2012, 01:39 PM

Quote:

Originally Posted by malekmustaq

What are you doing... some sites do not respond to ping signals, they are just dropped, for certain reasons they have. Their firewalls are configured to drop identified UDP packets intentionally so you will never hear from them: as if as they don't exist.

If a server doesn't return your packet that probably indicates: "Please don't disturb."

Anyway you have successfully ping-ged google.com, that should be enough. If you want to ping more, ping your providers' DNS servers, that manner at least you have confined it within your subnet.

How to guess which is your DNS (if not given by the ISP)? Use traceroute... the ones within 2-3 hops are "usually" within your subnet. Ping them. Save the bandwidth for important traffics in the internet.

Hope that helps.

Good luck.

I want to ping those sites as I currently cannot access them via http in any browser.

I wanted to determine if my firewall was blocking a connection to them but it appears the my squid3 proxy is the issue as shown below:
I cannot connect to www.snort.org via squid3 proxy:
-------------------------------------------------
TCP_MISS/503 4002 GET http://www.snort.org/ - DIRECT/23.23.170.170 text/html
---------------------------------------------------
The following error was encountered while trying to retrieve the URL: http://www.snort.org/

Connection to 23.23.170.170 failed.

The system returned: (110) Connection timed out

The remote host or network may be down. Please try the request again.

Your cache administrator is webmaster.
----------------------------------------
I added the dns_v4 option to squid.conf:
dns_v4_fallback on

and also:

#tcp_outgoing_address 23.23.170.170

the above don't work, plus

telnet snort.org 80
Trying 23.23.143.164...
telnet: Unable to connect to remote host: Connection timed out

and

telnet openvas.org 80
Trying 5.9.98.186...
telnet: Unable to connect to remote host: Connection timed out

Those domains used to be accessible so I am not sure what was changed exactly in the firewall.

Then paypal.com used to be accessible and now this:

telnet paypal.com 80
Trying 66.211.169.66...
Connected to paypal.com.
Escape character is '^]'.

but in the browser:

Unable to connect
Firefox can't establish a connection to the server at www.paypal.com.

I don't know why squid3 is blocking those websites/domains, if you could help?