Re: [hlds_linux] ICMP packets, outbound?
Tyler "[TASF]Overkill" Schwend wrote:

> With this Blaster and Welchia crap still going around, we've been watching
> ICMP (Welchia) packets pretty closely. When I took my server down for a bit
> to update to Steam, I noticed the following packets:
>
> 09:06:07.869320 telefragged.lynchburg.edu > amarseille-202-1-6-49.w80-15.abo.wanadoo.fr: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
>
> Is there any documentation on these packets getting sent out? Is this part
> of Linux? Or something HLDS related? Can it be disabled?

Actually these ICMP packets are being sent from your machine because clients from other IPs are trying to connect to your machine. As your port is closed (down), your machine is telling them "udp port 27015 unreachable". No need to worry, it's a normal procedure of IP.

If you want to disable something, cut off the following icmp types: router-solicitation, (TOS)-host-redirect, (TOS)-network-redirect, timestamp-request, address-mask-request, timestamp-reply and address-mask-reply.

If you are really paranoid, cut off echo-request and be "down" to pings.

--
dual_bereta_r0x -- Alexandre Hautequest
ArenaNetwork Lan House & Cyber -- www.arenanetwork.com.br

___
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] ICMP packets, outbound?
* Tyler "[TASF]Overkill" Schwend [2003-09-11 14:14]:
> With this Blaster and Welchia crap still going around, we've been watching
> ICMP (Welchia) packets pretty closely. When I took my server down for a bit
> to update to Steam, I noticed the following packets:
>
> 09:06:04.137710 telefragged.lynchburg.edu > 61.186.110.209: icmp:
> telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
> Is there any documentation on these packets getting sent out? Is this part
> of Linux? Or something HLDS related? Can it be disabled?
>

Hi Tyler,

I'm replying to you directly and the list because it is still very bogged. The last email I got was from 3am this morning, and it's 2:22pm.

Anyway, those are normal. Because you took the server down, the box is saying that port is now unreachable (nothing is listening anymore).

As for blocking them, depends on the OS. If it is Linux:

    iptables -I INPUT -p udp --dport 27015 -j DROP

Will take care of it. If you are using fbsd, use ipf (I don't know the syntax off the top of my head).

You might also notice other ports being hit on too .. You'll have to block those as well until things settle down.

Hope this helps.
[hlds_linux] ICMP packets, outbound?
With this Blaster and Welchia crap still going around, we've been watching ICMP (Welchia) packets pretty closely. When I took my server down for a bit to update to Steam, I noticed the following packets:

09:06:04.137710 telefragged.lynchburg.edu > 61.186.110.209: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
09:06:04.265797 telefragged.lynchburg.edu > chello062179025002.chello.pl: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
09:06:05.114364 telefragged.lynchburg.edu > 218.146.67.14: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
09:06:05.267529 telefragged.lynchburg.edu > modemcable022.117-131-66.nowhere.mc.videotron.ca: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
09:06:05.865850 telefragged.lynchburg.edu > amarseille-202-1-6-49.w80-15.abo.wanadoo.fr: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
09:06:06.175044 telefragged.lynchburg.edu > 61.186.110.209: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
09:06:07.869320 telefragged.lynchburg.edu > amarseille-202-1-6-49.w80-15.abo.wanadoo.fr: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]

Is there any documentation on these packets getting sent out? Is this part of Linux? Or something HLDS related? Can it be disabled?
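
Added example (not part of the original thread): a short Python script that parses the tcpdump lines from the post above and tallies which remote hosts triggered the port-unreachable replies, separating replies for the server's own game port from anything else. The function names and the choice of 27015 as the only expected service port are assumptions made for this illustration.

```python
import re
from collections import Counter

# tcpdump lines copied from the original post in this thread.
CAPTURE = """\
09:06:04.137710 telefragged.lynchburg.edu > 61.186.110.209: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
09:06:04.265797 telefragged.lynchburg.edu > chello062179025002.chello.pl: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
09:06:05.114364 telefragged.lynchburg.edu > 218.146.67.14: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
09:06:05.267529 telefragged.lynchburg.edu > modemcable022.117-131-66.nowhere.mc.videotron.ca: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
09:06:05.865850 telefragged.lynchburg.edu > amarseille-202-1-6-49.w80-15.abo.wanadoo.fr: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
09:06:06.175044 telefragged.lynchburg.edu > 61.186.110.209: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
09:06:07.869320 telefragged.lynchburg.edu > amarseille-202-1-6-49.w80-15.abo.wanadoo.fr: icmp: telefragged.lynchburg.edu udp port 27015 unreachable [tos 0xc0]
"""

# Matches tcpdump's summary of an ICMP port-unreachable message.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): icmp: "
    r"(?P<host>\S+) (?P<proto>udp|tcp) port (?P<port>\d+) unreachable"
)

def parse_unreachables(text):
    """Return one dict per ICMP port-unreachable line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["port"] = int(ev["port"])
            events.append(ev)
    return events

def summarize(events, local_host, service_ports):
    """Split events into replies for our own closed service ports and the rest."""
    expected, other = Counter(), []
    for ev in events:
        ours = ev["src"] == local_host and ev["host"] == local_host
        if ours and ev["proto"] == "udp" and ev["port"] in service_ports:
            expected[ev["dst"]] += 1  # remote peer that sent UDP to the closed port
        else:
            other.append(ev)          # different host or port: look at these by hand
    return expected, other

if __name__ == "__main__":
    exp, other = summarize(parse_unreachables(CAPTURE), "telefragged.lynchburg.edu", {27015})
    for peer, count in exp.most_common():
        print(f"{count:3d}  {peer}")
    print(f"{len(other)} line(s) not explained by the stopped game server")
```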