Date: Sun, 16 Dec 2001 22:32:19 -0300 (ART)
From: Fernando Gleiser
To: Frederico Costa
Subject: RE: Question about IPFW and ICMP:8.0

On Mon, 17 Dec 2001, Frederico Costa wrote:

> Ok, thanks for the prompt reply.
>
> Ok, I found another one ICMP:11.0.

8:0 is echo request. Some (user|process) is trying to ping the remote host.
11.0 is time exceeded (ICMP type 11) in transit (code 0). Someone is running
a traceroute(8) against your host.

>
> But are these echo requests normal? And why are they always for the same
> server?

By far, most of the ICMP echo requests are generated by ping. I wouldn't
worry about them. If you want to have a closer look, run tcpdump and capture
those packets.

I'd recommend you go and read Stevens' "TCP/IP Illustrated, vol1: the
protocols". It is one of the best books on TCP/IP.

Fer

>
> Thanks
>
> Frederico
>
> > -----Original Message-----
> > From: Oliver, Michael W. [mailto:oliver.michael@gargantuan.com]
> > Sent: 17 December 2001 01:10
> > To: 'Frederico Costa'; freebsd-questions@FreeBSD.ORG
> > Subject: RE: Question about IPFW and ICMP:8.0
> >
> > See RFC 792....
> >
> > ICMP 8.0 is an ECHO request, initiated from the source
> > address in your log file.
> >
> > ===========
> > Michael Oliver
> >
> > -----Original Message-----
> > From: Frederico Costa [mailto:frederico.costa@tiscali.no]
> > Sent: Sunday, December 16, 2001 7:04 PM
> > To: freebsd-questions@FreeBSD.ORG
> > Subject: Question about IPFW and ICMP:8.0
> >
> > Hi all ...
> >
> > I have been using FreeBSD for almost 5 years, and lately
> > because of the several attempts to penetrate my system, I
> > have set up ipfw to restrict access from the outside to my network.
> >
> > Everything is working quite well, but I am getting the
> > following log from ipfw several times:
> >
> > server /kernel: ipfw: 65435 Deny ICMP:8.0 213.142.81.223
> > 64.4.13.33 out via tun0
> >
> > I have been able to understand most of the logs, but this one
> > I just understand that ICMP is trying to send something out
> > to server 64.4.13.33, but it is saying ICMP:8.0. What does that mean?
> >
> > And why should my server initiate connection without my knowledge?
> >
> > Thanks in advance for any information...
> >
> > Frederico

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
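
Added example, not part of the original thread or of ipfw itself: a small Python parser for the ipfw ICMP log format quoted above. It decodes the type.code pair using the RFC 792 names and counts entries per source and destination, which shows at a glance whether the denied echo requests all go to one host. Only the first sample line comes from the thread; the other sample lines, the function names and the extra ICMP table entries are assumptions made for illustration.

```python
import re
from collections import Counter

# ICMP (type, code) names from RFC 792; code None matches any code of that type.
ICMP_NAMES = {
    (0, 0): "echo reply",
    (3, None): "destination unreachable",
    (8, 0): "echo request",
    (11, 0): "time exceeded in transit",
    (11, 1): "fragment reassembly time exceeded",
}

# The ipfw log format quoted in the thread:
#   ipfw: <rule> <action> ICMP:<type>.<code> <src> <dst> <in|out> via <iface>
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) ICMP:(?P<type>\d+)\.(?P<code>\d+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)"
)

# First line is the one from the thread; the rest are constructed samples
# (the extra addresses are documentation addresses from RFC 5737).
SAMPLE_LOG = [
    "server /kernel: ipfw: 65435 Deny ICMP:8.0 213.142.81.223 64.4.13.33 out via tun0",
    "server /kernel: ipfw: 65435 Deny ICMP:8.0 213.142.81.223 64.4.13.33 out via tun0",
    "server /kernel: ipfw: 65435 Deny ICMP:11.0 198.51.100.7 213.142.81.223 in via tun0",
    "server /kernel: ipfw: 65435 Deny TCP 192.0.2.9:4021 213.142.81.223:23 in via tun0",
]

def parse_icmp_line(line):
    """Return a dict for an ipfw ICMP log line, or None for anything else."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "type", "code"):
        rec[key] = int(rec[key])
    t, c = rec["type"], rec["code"]
    rec["name"] = (ICMP_NAMES.get((t, c)) or ICMP_NAMES.get((t, None))
                   or "ICMP type %d code %d" % (t, c))
    return rec

def summarize(lines):
    """Count ICMP log entries per (message name, direction, src, dst)."""
    counts = Counter()
    for rec in filter(None, map(parse_icmp_line, lines)):
        counts[(rec["name"], rec["dir"], rec["src"], rec["dst"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```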