On Thu, 04 Dec 2003 04:34, Derek Jennings wrote: > On Wednesday 03 Dec 2003 11:43 am, Sharrea Day wrote: > > Can someone please tell me if accepting all ICMP type 8 packets from > > all (including internet) poses much of a security threat. I previously > > only allowed these to/from my local network but I was getting a bit > > peeved at the number of entries in the logs/email which amount to > > hundreds of lines every day. > > If your machine responds to a ping then it may attract the attention of > someone who will make a determined attempt to break in. > On the other hand there are gazillions of computers on the net that do > respond to ping, so why should yours be any more likely to be attacked.
That's what I thought so I changed the shorewall rules to allow all pings last night. After being only connected to the internet for one hour, there were MANY more hits than usual. > As regards being annoyed by the log entries you could try putting an > entry in /etc/shorewall/rules like :- > > DROP net fw icmp 8 > > That should drop pings silently, and will override the default action in > shorewall/policy which is to drop and log. Just added that rule, stopped, cleared and started shorewall. Will see what my logs look like in an hour or two. I never thought to add the rule (duh!) because shorewall was already blocking it with the default net2all policy. > I have not tested the above because I have just started using ulogd to > put all my firewall hits into an SQL database (instead of syslog) which > can then be interrogated by a neat application called Webfwlog. > If you want to see what it looks like go here > http://www.jennings.homelinux.net/webfwlog-0.81/webfwlog/webfwlog.php Looks great! Far more options than my fwlogwatch web report. And shorter "System Check" email messages ;) > Before anyone asks how to do it. I am preparing a write up. Its a bit > complicated. Eagerly awaiting your instructions. I'm definitely keen to try it. Thanks Derek for your advice. I have a hunch that the shorewall rule above will do the trick. Sharrea -- Help Microsoft stamp out piracy - give Linux to a friend today
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com