Pings

Keith Mastin kmastin-PzQIwG9Jn9VAFePFGvp55w at public.gmane.org
Tue Sep 30 19:34:47 UTC 2003


> I've killed off icmp echo requests long ago actually, I just find it
> more a nuisance that these people persist daily and nightly to find an
> opening in my firewall.

A lot of that junk is generated by worms seeking out new customers, or
poorly configured (windoh$) machines. You should see a fair amount of
action on ports 113, 137, 445, 1361, 1443, and 53 udp. There is nothing to
do to stop all that from hitting your machine at the firewall, as it comes
via routing rather than broadcast.

> And as Mr Sonne suggested I'd much rather have
> someone scan my entire network with -PO before pinging me because it
> seems to be slowing my network down at times to a complete crawl with
> them occurring as often as they do. Thanks for your replies

Seeing as how the whole purpose of the logs is to be able to backtrack
over events, I wouldn't want to stop logging these attempts. You might log
them somewhere else though. Send kernel logging to a new log file, maybe
/var/log/kern? You could also send it to the console, but then the data
could easily be lost forever.

Pings might slow down your network if the packet sizes are messed up:
someone sending packets sized over the MTUs you use on your network
(default is generally 1500).

Fragmentation support in your firewall also carries some resource load
restraints, as does stateful packet filtering, so that might slow down
your firewall, but it shouldn't bring the entire INT_LAN to a crawl.

-- 
Keith Mastin
BeechTree Information Technology Services Inc.
Toronto, Canada
(416)696 6070
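As an added example (not part of the post above), the kind of triage a defender would run over the separately logged kernel firewall lines the reply suggests: count ICMP echo requests per source, flag pings that show fragmentation or exceed the 1500-byte MTU, and tally hits on the noisy ports listed. The log lines are constructed, and the netfilter-style `KEY=VALUE` field layout is an assumption.

```python
import re
from collections import Counter

MTU = 1500  # default Ethernet MTU mentioned in the post

# Constructed sample of kernel firewall LOG lines (assumed netfilter-style layout).
SAMPLE_LOG = """\
Sep 30 19:01:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=84 TTL=51 ID=1 PROTO=ICMP TYPE=8 CODE=0
Sep 30 19:01:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=1500 TTL=51 ID=2 DF PROTO=ICMP TYPE=8 CODE=0
Sep 30 19:01:04 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=1500 TTL=51 ID=3 MF PROTO=ICMP TYPE=8 CODE=0
Sep 30 19:01:05 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=1500 TTL=51 ID=3 FRAG=185 PROTO=ICMP
Sep 30 19:01:06 fw kernel: IN=eth0 OUT= SRC=203.0.113.40 DST=198.51.100.2 LEN=4028 TTL=49 ID=7 PROTO=ICMP TYPE=8 CODE=0
Sep 30 19:01:07 fw kernel: IN=eth0 OUT= SRC=203.0.113.21 DST=198.51.100.2 LEN=48 TTL=113 ID=4 PROTO=TCP SPT=3921 DPT=445
Sep 30 19:01:08 fw kernel: IN=eth0 OUT= SRC=203.0.113.21 DST=198.51.100.2 LEN=48 TTL=113 ID=5 PROTO=TCP SPT=3922 DPT=137
Sep 30 19:01:09 fw kernel: IN=eth0 OUT= SRC=203.0.113.30 DST=198.51.100.2 LEN=60 TTL=60 ID=6 PROTO=UDP SPT=1025 DPT=53
"""

KV = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return a dict of KEY=VALUE fields plus the bare DF/MF flags from one LOG line."""
    fields = dict(KV.findall(line))
    fields["flags"] = {tok for tok in line.split() if tok in ("DF", "MF")}
    return fields

def triage(log_text):
    """Summarise echo requests per source, over-MTU/fragmented pings and noisy-port hits."""
    echo_by_src, noisy_ports, oversized_srcs = Counter(), Counter(), set()
    for line in log_text.splitlines():
        if "kernel:" not in line or "PROTO=" not in line:
            continue  # not a firewall log line
        f = parse_line(line)
        proto, src = f.get("PROTO"), f.get("SRC")
        if proto == "ICMP" and f.get("TYPE") == "8":
            echo_by_src[src] += 1
        # MF flag or a non-zero FRAG offset means the datagram was split to fit the
        # path MTU; LEN above the MTU appears only if the firewall logged a reassembled
        # datagram. Either way the sender is pushing pings larger than 1500 bytes.
        if proto == "ICMP" and ("MF" in f["flags"] or f.get("FRAG", "0") != "0"
                                or int(f.get("LEN", "0")) > MTU):
            oversized_srcs.add(src)
        if proto in ("TCP", "UDP") and "DPT" in f:
            port = int(f["DPT"])
            if port in (113, 137, 445, 1361, 1443) or (proto == "UDP" and port == 53):
                noisy_ports[(proto, port)] += 1
    return {"echo_by_src": dict(echo_by_src),
            "oversized_srcs": sorted(oversized_srcs),
            "noisy_ports": dict(noisy_ports)}

SUMMARY = triage(SAMPLE_LOG)  # e.g. print(SUMMARY) to inspect the counts
```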


--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml