> On Tue, Nov 18, 2003 at 10:50:02PM +0000, Antony Gelberg wrote:
> >Looks like a ping (ICMP type 8). Where do you get port scanning from?
> >FWIW, I think that blocking pings via a firewall isn't recommended, but
> >not sure why.

Jon wrote:
> It does not provide any kind of security or protection whatsoever,
> whilst removing the proper way of other people / you from elsewhere
> determining if your connection is working ok.
> --
> Jon Dowland
> http://jon.dowland.name/

What you have all said still does not sync. When I look at the notes provided in my log I can see what you mean: it is a type 8 ICMP, code 0, or whatever you say that means, but the destination is another DNS server. This is a line taken from my log again.

11/18/2003 14:53:24 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.104.72 66.61.118.206 ACCESS BLOCK 14

OK, like I mentioned in my first post, if I do an ARIN Whois on address 66.61.104.72 it tells me it is a DNS block. When I do an ARIN Whois on the destination 66.61.118.206 it is another DNS block; both happen to belong to my ISP but in different cities. My cable modem action light is almost always solid orange, which tells me I have a busy link even if I am not using the net.

So why am I getting pinged by a DNS server? Why do all the destinations reported by my router log point to another DNS server? Even if I forwarded the ping to a DMZ or a safe machine, it would not find the machine, since I do not have any access to that network block.

My Debian uses DHCP to log into my ISP through my router; my Windows machines use static IPs set up to log into my router. My router is a Zyxel ZyWall 2xw with 802.11b for wireless clients. I do not run any web or FTP servers, and at the moment I do not have any ports forwarded to any machine. It's like a default setup with a hardware firewall and no ports open to the outside world. All passwords are changed, and WEP is changed at a reasonable time frame.

Everything works great, except I keep getting those recorded in my log. I could understand if the destination was my router, or a machine under the subnet, but it is not. Also, the source machines seem to change, unlike the destination machine.

That is the reason I wanted to ask all of you; I really do not know why this is happening.

Rthoreau