LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-02-2003, 02:22 PM   #1
wfhoney
LQ Newbie
 
Registered: Aug 2003
Location: NorCal
Distribution: woody+rhel
Posts: 7

Rep: Reputation: 0
Port 0 (icmp,eth0,input) 7 packets


I have a lot of rejected packets going to Port 0, mostly in multiples of 7.

Can anyone explain what these are, or better still, how to set up a rule in ipchains which would allow them to be dropped gracefully (i.e. not hit my default rule which logs)?

Thanks in advance!

----------- snip -------------
Rejected packets from n146-109-141-208.tranquility.net (208.141.109.146).
Port 0 (icmp,eth0,input): 7 packet(s).
Total of 7 packet(s).

Rejected packets from fc-pm6-07.enetis.net (208.141.217.198).
Port 0 (icmp,eth0,input): 7 packet(s).
Total of 7 packet(s).

Rejected packets from s38.pm6.ovis.net (208.140.192.246).
Port 0 (icmp,eth0,input): 7 packet(s).
Total of 7 packet(s).
-------- end snip ----------
 
Old 09-02-2003, 02:38 PM   #2
m0rl0ck
Member
 
Registered: Nov 2002
Distribution: A totally 133t distro :)
Posts: 358

Rep: Reputation: 31
Theyre ping (icmp) packets. Could be someone scanning you and using bogus ips, probably the case if youre getting alot of them at the same time.

Put the folowing in a shell script:
----------------------------------------
# Disable response to ping.
/bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all


# Disable response to broadcasts.
/bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts


# Disable ICMP redirects.
/bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects


# Log spoofed packets, source routed packets, redirect packets.
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
---------------------------------------------------------------

And run it. Should take care of it.

Last edited by m0rl0ck; 09-02-2003 at 02:40 PM.
 
Old 09-02-2003, 03:06 PM   #3
wfhoney
LQ Newbie
 
Registered: Aug 2003
Location: NorCal
Distribution: woody+rhel
Posts: 7

Original Poster
Rep: Reputation: 0
Good advice

Thanks m0rl0ck!

I had enabled ICMP for the convenience of some users.
 
Old 09-02-2003, 04:10 PM   #4
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
Check the ICMP parameters list (IANA) for more details!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ICMP Packets coolfrog Linux - Networking 4 12-22-2004 12:10 PM
dropping of ICMP packets from martian sources kishku Linux - Networking 2 10-19-2004 09:06 PM
How to send icmp packets on a particular interface? dravya Programming 3 07-29-2004 05:15 PM
Interpret ICMP packets SaTaN Linux - Networking 1 01-20-2004 11:23 PM
DENY ICMP Packets joseph Linux - Software 1 10-08-2003 11:03 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration