hi people!
for weeks went i try to run my netwatch to monitor my internet connection i always see i088235073.rivernet.com.au trying to send me an icmp echo.
how do i stop this bogus site?? i need help....thks!

It's not a bogus site:
anyway, the most simple thing to stop those ICMP packets is to block all ICMP traffic
to your pc.
So add some rules to iptables to block ever ICMP that comes to your pc but don't block
the ones you requested

Feel free to change values, you might not be using eth0 and the -s 0/0 may be useless
too.

What about states to make it even safer?

/sbin/iptables -A OUTPUT -p icmp -o eth0 -m state --state NEW -j ACCEPT

This will only allow NEW pings to get out, but nothing that is related with incoming connections, i.e. RELATED, ESTABLISHED... I think this might stop echo replies even if you accepted the incoming echo request. Or is this unnecessary or even complete crap?

IMHO it's useless, I'm only allowing ICMP packets that answer my outgoing ICMP's.
So I don't see how an echo-reply or destination-unreachable or time-exceeded ICMP
can trigger a new outgoing one locally.
But... I could be wrong.

What about states to make it even safer?
ICMP doesn't maintain state. It's not using "conversations" like TCP does. ICMP is a "message" protocol: it "warns" when networks, hosts or ports are not (made) accessable. For instance if you connect to a restricted TCP port, you get a TCP message back. For the same UDP port you get an ICMP message back. Not all ICMP types are necessary or should be allowed (redirects or broadcast responses for instance): there's /proc/sys/net settings for a lot of ICMP stuff like for example ignoring echoes. To harden the rules Iceman47 gave you, you could add in/outbound ratelimits and deny ICMP types/codes you don't want/need.

Aha, I didn't know that. But... What is an echo-reply then? Or do you mean that the echo-reply doesn't contain any information about being a "related" packet to the incoming echo-request? And that TCP packets have for instance the ACK bit set, to say "hey, I belong to an established connection"?

Ah, sorry, I don't mean to hijack the thread, I'm just curious :]

For example: you send a ping out, server gets the packet and returns an ICMP with echo-reply set, so you know the server's up.
As your box requested the ICMP, your box knows when an echo-reply returns it's his.
There's no conversation like TCP in UDP, like unSpawn said.

Exactly.
By the way... I would like to express my dubts about blocking all ICMP stuff.
This is actually too restrictive, in my opinion. Limiting the amount of them over a range of time is enough. Don't forget ICMP data is a part of networking infrastructure. I would suggest people stop saying "block all ICMPs".

I don't say "block all ICMP", I say allow those that you want, drop the rest.

Sorry iceman, i didn't mean that. I actually quite nervous today and I misunderstood a little.
My "I would suggest people stop saying "block all ICMPs". " actually was a general comment and not targeted at you. I meant I am bored of people believing to be cool and suggesting to block ICMPs.

No need to appologize