[clug] Dropped icmp packets - means what?

Peter Barker pbarker at barker.dropbear.id.au
Fri Aug 22 10:07:37 EST 2003


On Thu, 21 Aug 2003, Felix Karpfen wrote:

> Attached is a log of the packets that were dropped by "iptables" today.

Those are "ICMP echo" packets. The "ping" program will cause these to be
generated. They are basically an "is anyone there" query. And before you
ask, not answering is a bad idea, if you are there :-)

> While the information in "man icmp" is well over my head, it did sound
> to me that icmp messages relate to kernel activities and ought to be
> internal to either the computer or - at least - to the network to which
> the computer is attached.

icmp is part of the glue which holds everything together. Or, at least,
tells you when everything is falling apart.

http://www.faqs.org/docs/iptables/icmptypes.html gives a list of icmp
packet types.

> Hence I am puzzled by the IP addresses of many of the dropped packages -
> I have difficulty in relating these addresses to my ISP (WebOne).

They're probably just people looking for machines to exploit. Nothing to
worry about ;-P

> Since WebOne has figured prominently in recent postings to this list, I
> thought it worth forwarding my log for <inspection|comment>.

WebOne are not responsible for this. Try looking up the "source" ip
addresses:
---
pbarker@milligan:~$ host 210.10.160.121
121.160.10.210.in-addr.arpa domain name pointer acc2-ppp121.syd.dialup.connect.net.au.
pbarker@milligan:~$ host 68.72.165.225
225.165.72.68.in-addr.arpa domain name pointer adsl-68-72-165-225.dsl.chcgil.ameritech.net.
pbarker@milligan:~$ host 4.34.209.18
18.209.34.4.in-addr.arpa domain name pointer chcgil2-ar7-4-34-209-018.chcgil2.dsl-verizon.net.
pbarker@milligan:~$
---

Just make sure your machine is up-to-date. And relax - the internet's a
nasty place :-)

> Felix Karpfen

Yours,
-- 
Peter Barker                          |   N    _--_|\ /---- Barham, Vic
Programmer,Sysadmin,Geek              | W + E /     /\
pbarker at barker.dropbear.id.au         |   S   \_,--?_*<-- Canberra
You need a bigger hammer.             |             v    [35S, 149E]
"They'll need a whole new Orwellian pseudo-crime-name for that... I
 suggest "digital molestation of kittens". -  Jeremi (14640) from Slashdot
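
The lookup shown in the message, extended to a whole log, as an added example that is not part of the original post: it tallies dropped ICMP packets by source and type from iptables LOG lines and builds the in-addr.arpa name that `host` queries. The log lines are constructed, and the `DROPPED: ` prefix, the hostname `gw` and the destination addresses are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the format written by the iptables LOG target.
# The "DROPPED: " prefix, host "gw" and DST addresses are assumptions.
SAMPLE_LOG = """\
Aug 21 09:14:02 gw kernel: DROPPED: IN=ppp0 OUT= MAC= SRC=210.10.160.121 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=115 ID=4021 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=7
Aug 21 09:14:03 gw kernel: DROPPED: IN=ppp0 OUT= MAC= SRC=210.10.160.121 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=115 ID=4022 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=8
Aug 21 09:51:40 gw kernel: DROPPED: IN=ppp0 OUT= MAC= SRC=68.72.165.225 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=110 ID=911 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Aug 21 10:02:17 gw kernel: DROPPED: IN=ppp0 OUT= MAC= SRC=4.34.209.18 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=109 ID=77 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=3
Aug 21 10:05:09 gw kernel: DROPPED: IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=56 TOS=0x00 PREC=0x00 TTL=240 ID=5 PROTO=ICMP TYPE=3 CODE=1 [SRC=203.0.113.5 DST=192.0.2.9 LEN=60 TOS=0x00 PREC=0x00 TTL=1 ID=9 PROTO=UDP SPT=1027 DPT=53 LEN=40 ]
Aug 21 10:40:11 gw kernel: DROPPED: IN=ppp0 OUT= MAC= SRC=68.72.165.225 DST=203.0.113.5 LEN=84 PROTO=ICMP TYPE=
"""

ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 8: "echo-request", 11: "time-exceeded"}
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return (source address, ICMP type) for an ICMP log line, else None."""
    fields = {}
    for key, value in FIELD.findall(line):
        # Keep the first occurrence: ICMP errors embed the offending packet's
        # own SRC/DST/PROTO in [...] after the outer header fields.
        fields.setdefault(key, value)
    if fields.get("PROTO") != "ICMP" or "SRC" not in fields or "TYPE" not in fields:
        return None
    try:
        return ipaddress.ip_address(fields["SRC"]), int(fields["TYPE"])
    except ValueError:  # truncated or malformed line
        return None

def summarise(log_text):
    """Return (source, PTR query name, ICMP type name, count), busiest first."""
    counts = Counter(p for p in map(parse_line, log_text.splitlines()) if p)
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], int(kv[0][0]), kv[0][1]))
    return [(str(src), src.reverse_pointer, ICMP_TYPES.get(t, f"type-{t}"), n)
            for (src, t), n in ordered]

if __name__ == "__main__":
    for src, ptr, name, n in summarise(SAMPLE_LOG):
        print(f"{n:3d}  {src:<16} {name:<24} PTR query: {ptr}")
```
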



