On Thu, 04 Dec 2003 01:01, Raffaele Belardi wrote: > Better not if your machine has a public static IP address. ICMP type 8 > (ping) can be used to discover the IP address through ping 'storms', and > then use it for attacks to higher level protocols. Also there is the > ping of death attack that can crash your machine - although maybe newer > TCP/IP implementations are immune.
Thanks Raffaele. Just checked the fwlog this morning after changing shorewall to allow pings last night and only being connected to the internet for one hour - and holy shite! MANY more hits than usual on ports 80 and 17300. Strange that so many hits on port 17300 all from different source IPs when I don't even know what that port is used for??? Its not listed in /etc/services and I haven't made any rules for that port myself. > I'm sure there is a way to request IPtables not to log the > rejected/dropped ping packets, but I wouldn't be able to tell you OTOH. > Maybe somebody else already knows. I'll try Derek's suggestion and see what happens. Thanks again for your input. I've been wondering about this for ages. Sharrea -- Help Microsoft stamp out piracy - give Linux to a friend today
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com