[clug] Dropped icmp packets - means what?

Kim Holburn kim.holburn at anu.edu.au
Fri Aug 22 10:25:36 EST 2003 

At 10:07 AM +1000 03/8/22, Peter Barker wrote:
>On Thu, 21 Aug 2003, Felix Karpfen wrote:
>
>> Attached is a log of the packets that were dropped by "iptables" today.
>
>Those are "ICMP echo" packets. The "ping" program will cause these to be
>generated. They are basically an "is anyone there" query. And before you
>ask, not answering is a bad idea, if you are there :-)

Not at all.  If you are a server or a router answering a ping is usually a good idea otherwise not answering is a good idea generally since there are few good reasons to let most people on the internet know you are there.

> > While the information in "man icmp" is well over my head, it did sound
>> to me that icmp messages relate to kernel activities and ought to be
>> internal to either the computer or - at least - to the network to which
>> the computer is attached.
>
>icmp is part of the glue which holds everything together. Or, at least,
>tells you when everything is falling apart.
>
>http://www.faqs.org/docs/iptables/icmptypes.html gives a list of icmp
>packet types.
>
>> Hence I am puzzled by the IP addresses of many of the dropped packages -
>> I have difficulty in relating these addresses to my ISP (WebOne).
>
>They're probably just people looking for machines to exploit. Nothing to
>worry about ;-P
>
>> Since WebOne has figured prominently in recent postings to this list, I
>> thought it worth forwarding my log for <inspection|comment>.
>
>WebOne are not responsible for this. Try looking up the "source" ip
>addresses:
>---
>pbarker at milligan:~$ host 210.10.160.121
>121.160.10.210.in-addr.arpa domain name pointer
>acc2-ppp121.syd.dialup.connect.net.au.
>pbarker at milligan:~$ host 68.72.165.225
>225.165.72.68.in-addr.arpa domain name pointer
>adsl-68-72-165-225.dsl.chcgil.ameritech.net.
>pbarker at milligan:~$ host 4.34.209.18
>18.209.34.4.in-addr.arpa domain name pointer
>chcgil2-ar7-4-34-209-018.chcgil2.dsl-verizon.net.
>pbarker at milligan:~$
>---
>
>Just make sure your machine is up-to-date. And relax - the internet's a
>nasty place :-)
>
>> Felix Karpfen
>
>Yours,
>--
>Peter Barker                          |   N    _--_|\ /---- Barham, Vic
>Programmer,Sysadmin,Geek              | W + E /     /\
>pbarker at barker.dropbear.id.au         |   S   \_,--?_*<-- Canberra
>You need a bigger hammer.             |             v    [35S, 149E]
>"They'll need a whole new Orwellian pseudo-crime-name for that... I
> suggest "digital molestation of kittens". -  Jeremi (14640) from Slashdot


-- 
--
Kim Holburn 
Network Consultant - Telecommunications Engineering
Research School of Information Sciences and Engineering
Australian National University - Ph: +61 2 61258620 M: +61 0417820641
Email: kim.holburn at anu.edu.au  - PGP Public Key on request

Life is complex - It has real and imaginary parts.
     Andrea Leistra (rec.arts.sf.written.Robert-jordan)

More information about the linux mailing list