Re: raw ICMP ports

On Tuesday 13 July 2004 9:31 am, Spiro Azkoul wrote:

> I shut down a bunch of startup services and only have specific ports open,
> and IPTABLES on top.
>
> Out of nowhere, the following lines appeared on my netstat as of 3 days
> ago
>
> raw   125024      0 *:icmp                  *:*                     7
> raw   126688      0 *:icmp                  *:*                     7
> raw   126688      0 *:icmp                  *:*                     7
>
> I can't exactly figure out what this is.

It suggests to me that you have decided to block (all?) ICMP packets.

The numbers 125024 etc indicate the number of packets received on the socket 
but not processed by any application.

From the netstat man page:

-----
OUTPUT
   Active Internet connections (TCP, UDP, raw)
   Proto
       The protocol (tcp, udp, raw) used by the socket.

   Recv-Q
       The count of bytes not copied by the user program connected to this socket.

   Send-Q
       The count of bytes not acknowledged by the remote host.
-----

Check your rules to see what ICMP you are allowing - my suspicion is that it 
isn't enough...

Regards,

Antony.

-- 
If builders made buildings the way programmers write programs, then the first 
woodpecker to come along would destroy civilisation.

                                                     Please reply to the list;
                                                           please don't CC me.
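
An added example, not part of the original message: the Recv-Q column discussed above comes from `/proc/net/raw`, so the same table can be parsed to list raw ICMP sockets holding unread data and to find which process owns each one. The sample rows are constructed for illustration, and the function names are hypothetical; the column layout is assumed to be the one the Linux kernel prints for `/proc/net/raw`.

```python
import glob
import os

# Constructed sample in /proc/net/raw layout (not data from the original post).
# For raw sockets the "port" half of local_address is the IP protocol number,
# and tx_queue:rx_queue are the Send-Q/Recv-Q byte counts in hex.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:0001E860 00:00000000 00000000     0        0 4242 2 0000000000000000 0
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4300 2 0000000000000000 0
   2: 00000000:0002 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4311 2 0000000000000000 0
"""
PROTO_NAMES = {1: "icmp", 2: "igmp"}

def parse_raw_table(text):
    """Return one dict per raw socket in /proc/net/raw-formatted text."""
    sockets = []
    for line in text.splitlines()[1:]:           # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        proto = int(f[1].split(":")[1], 16)
        tx_hex, rx_hex = f[4].split(":")
        sockets.append({"proto": PROTO_NAMES.get(proto, str(proto)),
                        "state": int(f[3], 16),
                        "send_q": int(tx_hex, 16), "recv_q": int(rx_hex, 16),
                        "uid": int(f[7]), "inode": int(f[9])})
    return sockets

def backlogged(sockets, proto="icmp"):
    """Sockets of the given protocol whose owner has left bytes unread."""
    return [s for s in sockets if s["proto"] == proto and s["recv_q"] > 0]

def owners(inode):
    """PIDs holding this socket inode open (root needed for other users)."""
    target = "socket:[%d]" % inode
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pids.add(int(fd.split("/")[2]))
        except OSError:                          # fd closed or not readable
            continue
    return sorted(pids)

if __name__ == "__main__":
    text = open("/proc/net/raw").read() if os.path.exists("/proc/net/raw") else SAMPLE
    for s in backlogged(parse_raw_table(text)):
        print(s["proto"], s["recv_q"], "bytes unread, inode", s["inode"],
              "uid", s["uid"], "pids", owners(s["inode"]))
```

An unexpected PID or UID in that output is the thing to investigate; `owners()` returns an empty list when run against the constructed sample because those inodes do not exist on the local host.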



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux