On Mon, 29 Sep 2003, cc wrote:

> I've been monitoring the NAT router with pktstat and am a little
> perturbed to see quite a lot of icmp echo requests. Now I've
> set up my Linux firewall to reject icmp echo requests.
>
> Is this the right(?)/correct/valid/appropriate thing to do?

I see a lot of pings too. At home my Linksys residential gateway reports that they look like they were address spoofed. (So how did it figure that out?) This leads me to suspect that they are part of a distributed denial of service attack -- the alleged origin of the ping, to which you are supposed to send a packet, is the victim.

Before my home Linux gateway blew its motherboard, I just dropped all pings (in fact, just about everything) on the wild-side interface. Best not to send ICMP-host-unreachable; best to drop all unsolicited packets silently, except for AUTH requests, for which a rejection saves you an annoying timeout. Except, I like to monitor the home machine from work, so I accept pings from the work subnet only.

James F. Carter    Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc@xxxxxxxxxxxxx    http://www.math.ucla.edu/~jimc (q.v. for PGP key)
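
The policy described in the reply above, as an added example that is not part of the original message: a shell script that prints iptables commands for the outside interface (reply traffic allowed, pings accepted from one subnet only, AUTH rejected with a TCP reset, everything else dropped silently). It assumes iptables with the conntrack match and that "AUTH" means the ident service on TCP port 113; the function names, `eth0` and `192.0.2.0/24` are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the post): PRINTS iptables commands for the
# wild-side policy above; review the output before piping it to a root shell.
# Assumptions: iptables with the conntrack match; "AUTH" = ident, TCP 113;
# rules are appended to an INPUT chain with no earlier matching rules.

# valid_cidr ADDR/LEN: succeed only for dotted-quad IPv4 with a /0-32 prefix.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots; addr holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_rules WAN_IF WORK_NET: print the rules, or fail on unsafe arguments
# (the output is meant to be fed to a shell, so nothing unvalidated goes in).
emit_rules() {
    wan_if=$1; work_net=$2
    case "$wan_if" in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    valid_cidr "$work_net" || { echo "bad IPv4 subnet" >&2; return 1; }
    cat <<EOF
iptables -A INPUT -i $wan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $wan_if -s $work_net -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i $wan_if -p tcp --dport 113 -j REJECT --reject-with tcp-reset
iptables -A INPUT -i $wan_if -j DROP
EOF
}

# Usage with constructed sample values: sh rules.sh eth0 192.0.2.0/24
# (192.0.2.0/24 is a documentation range standing in for the work subnet).
if [ "$#" -eq 2 ]; then emit_rules "$1" "$2"; fi
```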