LinuxQuestions.org
Old 01-21-2005, 12:24 PM   #1
c0lin
LQ Newbie
 
Registered: Jun 2003
Distribution: RedHat 9.0
Posts: 6

Rep: Reputation: 0
fake icmp response


Can somebody help me with this:
Usually when I ping my firewall from outside (Internet) I get a "Request timed out" because of the
Quote:
iptables -P DROP
Instead of this message I'd like the firewall to respond with a
Quote:
Destination host unreachable
This issue appeared when somebody noticed that if he pings the firewall when it is powered off it responds with a
Quote:
Destination host unreachable
and
if he pings the firewall when it is powered on it responds with a
Quote:
Request timed out
 
Old 01-21-2005, 02:02 PM   #2
c0lin
LQ Newbie
 
Registered: Jun 2003
Distribution: RedHat 9.0
Posts: 6

Original Poster
Rep: Reputation: 0
I should have googled a little bit more...

Quote:
iptables -A -p icmp -j REJECT --reject-with icmp-host-unreachable
 
Old 01-21-2005, 09:42 PM   #3
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
Careful, that will reject all ICMP requests, so add some lines before that to except some ICMP types. Personally though, I also block types (I think it was) 15-18 (they are requests for info), and only allow "related" ICMP traffic through after that.
 
Old 01-22-2005, 12:06 AM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Agreed. Blocking all ICMP traffic is going to make your system hang when a webpage/site is unavailable, rather than immediately generating an error. Allow ESTABLISHED and RELATED and you should receive all important ICMP types. Also note that the rules you posted don't have a chain associated with them (INPUT, OUTPUT, FORWARD, etc) and will fail.
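
The rule ordering the replies above describe, written out as an added example that is not part of the thread: tracked traffic is accepted first, types 15-18 are dropped silently, and only then does the ICMP reject rule apply, with the INPUT chain named. The `IPT` dry-run variable and the helper names `apply_icmp_rules` and `rule_position` are assumptions made for illustration; `-m conntrack --ctstate` is the current form of the state match.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are
# printed, not executed. Run as root with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"

apply_icmp_rules() {
    # Default-deny inbound, as in the original post, with the chain named.
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies and ICMP errors tied to connections this host opened
    # (e.g. destination-unreachable for an outbound connect) pass first,
    # so a dead remote site fails fast instead of hanging.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Information and address-mask requests/replies (types 15-18) are
    # dropped silently rather than answered.
    for t in 15 16 17 18; do
        $IPT -A INPUT -p icmp --icmp-type "$t" -j DROP
    done

    # Everything else over ICMP, including echo-request, gets
    # "Destination host unreachable" instead of a timeout.
    $IPT -A INPUT -p icmp -j REJECT --reject-with icmp-host-unreachable
}

# Prints the 1-based position of the first dry-run rule matching $1,
# so the ordering can be checked before anything is loaded.
rule_position() {
    IPT="echo iptables" apply_icmp_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

apply_icmp_rules
```

Rule order matters here: if the REJECT line were appended before the conntrack ACCEPT, related ICMP errors for outbound connections would be rejected too.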