Home / Browse / IPCop Firewall / Mail / Archive

IPCop Firewall

Email Archive: ipcop-user (read-only)

2001:	_Jan	_Feb	_Mar	_Apr	_May	_Jun	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec (96)
2002:	_Jan (367)	_Feb (707)	_Mar (1352)	_Apr (1146)	_May (978)	_Jun (930)	_Jul (863)	_Aug (845)	_Sep (702)	_Oct (719)	_Nov (719)	_Dec (652)
2003:	_Jan (1163)	_Feb (991)	_Mar (1371)	_Apr (993)	_May (1476)	_Jun (1024)	_Jul (1093)	_Aug (1724)	_Sep (1603)	_Oct (1275)	_Nov (989)	_Dec (746)
2004:	_Jan (998)	_Feb (1049)	_Mar (1045)	_Apr (661)	_May (692)	_Jun (609)	_Jul (497)	_Aug (516)	_Sep (749)	_Oct (973)	_Nov (697)	_Dec (766)
2005:	_Jan (953)	_Feb (903)	_Mar (939)	_Apr (620)	_May (599)	_Jun (645)	_Jul (502)	_Aug (522)	_Sep (504)	_Oct (666)	_Nov (570)	_Dec (551)
2006:	_Jan (641)	_Feb (478)	_Mar (635)	_Apr (472)	_May (369)	_Jun (542)	_Jul (343)	_Aug (620)	_Sep (438)	_Oct (441)	_Nov (403)	_Dec (394)
2007:	_Jan (556)	_Feb (427)	_Mar (662)	_Apr (549)	_May (463)	_Jun (405)	_Jul (320)	_Aug (332)	_Sep (541)	_Oct (433)	_Nov (319)	_Dec (386)
2008:	_Jan (402)	_Feb (394)	_Mar (328)	_Apr (350)	_May (262)	_Jun (274)	_Jul (353)	_Aug (483)	_Sep (277)	_Oct (391)	_Nov (220)	_Dec (230)
2009:	_Jan (270)	_Feb (166)	_Mar (175)	_Apr (204)	_May (190)	_Jun (187)	_Jul (263)	_Aug (119)	_Sep (125)	_Oct (169)	_Nov (166)	_Dec (84)
2010:	_Jan (108)	_Feb (154)	_Mar (82)	_Apr (104)	_May (69)	_Jun (125)	_Jul (70)	_Aug (108)	_Sep (72)	_Oct (65)	_Nov (85)	_Dec (57)
2011:	_Jan (112)	_Feb (37)	_Mar (25)	_Apr (76)	_May (61)	_Jun (42)	_Jul (104)	_Aug (106)	_Sep (56)	_Oct (118)	_Nov (98)	_Dec (59)
2012:	_Jan (96)	_Feb (84)	_Mar (66)	_Apr (69)	_May (83)	_Jun (50)	_Jul (40)	_Aug (43)	_Sep (65)	_Oct (65)	_Nov (41)	_Dec (38)
2013:	_Jan (46)	_Feb (60)	_Mar (123)	_Apr (66)	_May (34)	_Jun	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec

[IPCop-user] Re: IDS log entries for ICMP PING CyberKit 2.2 from...

From: James Taylor <james_n_taylor@ya...> - 2003-08-19 09:28

> ATTACHMENT part 3.11 message/rfc822 
> Date: Tue, 19 Aug 2003 17:59:57 +0900
> From: Jean-Christian Imbeault <jc@...>
> To: ipcop-user@...
> Subject: [IPCop-user] Getting too many ICMP packets logged
> 
> I have been getting about 10000 of the following types of log entries 
> per day:
> 
> ipcop kernel: OUTPUT IN=ppp0 OUT=eth0 SRC=219.140.69.44 DST=x.x.x.x 
> LEN=92 TOS=0x00 PREC=0x00 TTL=112 ID=39724 PROTO=ICMP TYPE=8 CODE=0 
> ID=512 SEQ=49361
> 
> Would it be safe for me to DROP these ICMP packets. If it is safe what 
> would be the best kind of rule?

Of course the reason I'm only getting hits from within my ISP is because they
must be blocking it from elsewhere... Doh... 
 
This is too much... I don't see any problems in dropping these packets...

Added to /etc/rc.d/rc.local the usual ICMP echo-request drop rule (I already
have /sbin/iptables -F CUSTOMINPUT at top of file)

/sbin/iptables -A CUSTOMINPUT -i $RED_DEV -p icmp --icmp-type echo-request -j
DROP

and # in front of the specific rule in /etc/snort/icmp.rules file.

Regards
James

> 
> Thanks,
> 
> Jean-Christian Imbeault
> 


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com