On Wednesday 03 Dec 2003 11:43 am, Sharrea Day wrote:
> Hi All
>
> Can someone please tell me if accepting all ICMP type 8 packets from all
> (including internet) poses much of a security threat. I previously only
> allowed these to/from my local network but I was getting a bit peeved at
> the number of entries in the logs/email which amount to hundreds of lines
> every day.
>
> Any advice appreciated.
>
> Sharrea

If your machine responds to a ping then it may attract the attention of someone who will make a determined attempt to break in. On the other hand there are gazillions of computers on the net that do respond to ping, so why should yours be any more likely to be attacked?

As regards being annoyed by the log entries you could try putting an entry in /etc/shorewall/rules like :-

    DROP net fw icmp 8

That should drop pings silently, and will override the default action in shorewall/policy which is to drop and log.

I have not tested the above because I have just started using ulogd to put all my firewall hits into an SQL database (instead of syslog) which can then be interrogated by a neat application called Webfwlog.

If you want to see what it looks like go here
http://www.jennings.homelinux.net/webfwlog-0.81/webfwlog/webfwlog.php

Before anyone asks how to do it. I am preparing a write up. It's a bit complicated.

derek

-- 
----------------------------------
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org
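
Added example, not part of the original messages: before silencing the pings it helps to measure how much of the log they account for and what would still be logged afterwards. The sketch below parses netfilter LOG lines and counts the entries a "DROP net fw icmp 8" rule would match; the sample lines are constructed and abridged, and eth0 as the "net" interface is an assumption.

```python
import re
from collections import Counter

# Constructed, abridged netfilter LOG lines in the style Shorewall sends to syslog.
# Addresses are documentation ranges; eth0 as the "net" interface is an assumption.
SAMPLE_LOG = """\
Dec  3 11:01:02 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
Dec  3 11:01:03 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
Dec  3 11:04:40 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
Dec  3 11:05:12 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=TCP SPT=40000 DPT=22 SYN
Dec  3 11:06:30 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.168.1.10 PROTO=ICMP TYPE=8 CODE=0
Dec  3 11:07:55 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.5 PROTO=ICMP TYPE=3 CODE=3
"""

NET_IF = "eth0"                      # assumed interface of the "net" zone
FIELD = re.compile(r"(\w+)=(\S*)")   # KEY=value pairs; value may be empty (OUT=)


def parse(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict."""
    return dict(FIELD.findall(line))


def matches_drop_rule(f):
    """True if 'DROP net fw icmp 8' would match this packet: an echo request
    that arrived on the net interface for the firewall itself (empty OUT=)."""
    return (f.get("IN") == NET_IF and f.get("OUT") == ""
            and f.get("PROTO") == "ICMP" and f.get("TYPE") == "8")


def summarize(log_text):
    """Count logged packets, how many the rule would silence, and who sent them."""
    total, pingers = 0, Counter()
    for line in log_text.splitlines():
        if "Shorewall:" not in line:
            continue                 # not a firewall log entry
        total += 1
        fields = parse(line)
        if matches_drop_rule(fields):
            pingers[fields.get("SRC", "?")] += 1
    silenced = sum(pingers.values())
    return {"total": total, "silenced": silenced,
            "still_logged": total - silenced, "pingers": pingers}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['silenced']} of {report['total']} entries are pings to the firewall")
    for src, n in report["pingers"].most_common():
        print(f"  {src}: {n}")
```

The forwarded echo request (non-empty OUT=) and the non-ping entries stay in the log, so the rule removes the ping noise without hiding other dropped traffic.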
