icmp in ipchains

Post by A J Kenned » Tue, 17 Apr 2001 11:38:01



Hello,

I would like to know the process via ipchains to filter icmp
requests to & from my machine. A nessus scan returns the following info

Solution : filter out the icmp timestamp
requests (13), and the outgoing icmp
timestamp replies (14).

I have looked up info on this but I couldn't find a lot. Ideally I would like
to be able to ping my machine from internal 192.x.x.x network & from my work
machine.

--
Regards...

Andrew

 
 
 

Post by Tr?ütm » Tue, 17 Apr 2001 13:37:25



following:

>Solution : filter out the icmp timestamp
>requests (13), and the outgoing icmp
>timestamp replies (14).

>I have looked up info on this but I couldn't find a lot. Ideally I would
>like to be able to ping my machine from internal 192.x.x.x network &
>from my work machine.

http://muse.linuxmafia.org/lost+found/icmp-types.html

From the ipchains man page:

-s, --source [!] address[/mask] [!] [port[:port]]
              Source specification. Address can be either a hostname, a
              network name, or a plain IP address. The mask can be either
              a network mask or a plain number, specifying the number of
              1's at the left side of the network mask. Thus, a mask of 24
              is equivalent to 255.255.255.0. A "!" argument before the
              address specification inverts the sense of the address. The
              source may include a port specification or ICMP type. This
              can either be a service name, a port number, a numeric ICMP
              type, or one of the ICMP type names shown by the command
                  ipchains -h icmp
              Note that many of these ICMP names refer to both a type and
              code, meaning that an ICMP code after the -d flag is illegal.
              In the rest of this paragraph, a port means either a port
              specification or an ICMP type. An inclusive range can also be
              specified, using the format port:port. If the first port is
              omitted, "0" is assumed; if the last is omitted, "65535" is
              assumed. Ports may only be specified in combination with the
              tcp, udp, or icmp protocols. A "!" before the port
              specification inverts the sense. When the check command is
              specified, exactly one port is required, and if the -f
              (fragment) flag is specified, no ports are allowed. The flag
              --src is a convenience alias for this option.

HTH

--
______________________________
Mike Troutman
        http://www.troutman.org
        http://www.zen-data.com

 
 
 

Post by Manfred Bart » Tue, 17 Apr 2001 14:44:48



> I would like to know the process via ipchains to filter icmp
> requests to & from my machine. A nessus scan returns the following
> info

> Solution : filter out the icmp timestamp
> requests (13), and the outgoing icmp
> timestamp replies (14).

> I have looked up info on this but I couldn't find a lot. Ideally I
> would like to be able to ping my machine from internal 192.x.x.x
> network & from my work machine.

I use the script below, modify to suit.

# allow useful ICMP packets
 for t in echo-reply \
          destination-unreachable \
          time-exceeded \
          parameter-problem
 do
     ipchains -A ICMPpkts $IFINET -p icmp --icmp-type $t -j ACCEPT
 done

# heartbeat from x.y.com, 1 every 10 minutes
 ipchains -A ICMPpkts $IFINET -p icmp --icmp-type echo-request \
          -s x.x.x.x -j DENY -l

# other pings, drop without logging
 ipchains -A ICMPpkts $IFINET -p icmp --icmp-type echo-request \
          -j DENY

# deny all remaining ICMP packets
 ipchains -A ICMPpkts $IFINET -j DENY -l

--
Manfred
---------------------------------------------------------------
ipchainsLogAnalyzer, NetCalc, whois at: <http://logi.cc/linux/>
     NEW: <http://logi.cc/linux/NetfilterLogAnalyzer.php3>

 
 
 

Post by Davi » Tue, 17 Apr 2001 15:29:46



> Hello,

> I would like to know the process via ipchains to filter icmp
> requests to & from my machine. A nessus scan returns the following info

> Solution : filter out the icmp timestamp
> requests (13), and the outgoing icmp
> timestamp replies (14).

> I have looked up info on this but I couldn't find a lot. Ideally I would like
> to be able to ping my machine from internal 192.x.x.x network & from my work
> machine.

> --
> Regards...

> Andrew

# ICMP TIMESTAMP INBOUND -------------------------------
# Do NOT reply to ICMP TIMESTAMP packets (type 13 and 14) (this can help
# stop OS fingerprinting)
# ($EXTDEV, $ANYWHERE and $EXTERNALIP must be set earlier in the script.)
#
echo "       Optional parameter: ICMP TIMESTAMP inbound filtered"
ipchains -A input -j DENY -i $EXTDEV -p icmp -s $ANYWHERE -d $EXTERNALIP \
         --icmp-type timestamp-request -l
ipchains -A input -j REJECT -i $EXTDEV -p icmp -s $ANYWHERE -d $EXTERNALIP \
         --icmp-type timestamp-reply -l

# ICMP TIMESTAMP OUTBOUND ------------------------------
# Do NOT reply to ICMP TIMESTAMP packets (type 13 and 14) (this can help
#   stop OS fingerprinting) $EXTERNALIP
#
echo "       Optional parameter: ICMP TIMESTAMP outbound filtered"

ipchains -A output -j REJECT -i $EXTDEV -p icmp -s $EXTERNALIP -d $ANYWHERE \
         --icmp-type timestamp-request -l

ipchains -A output -j REJECT -i $EXTDEV -p icmp -s $EXTERNALIP -d $ANYWHERE \
         --icmp-type timestamp-reply -l

--
Confucius say: He who play in root, eventually kill tree.
Registered with the Linux Counter.  http://counter.li.org
ID # 123538
Completed more W/U's than 99.162% of seti users. +/- 0.01%
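
Added example, not part of any post in this thread: one rule set that combines the replies above to meet the original request (timestamp types 13/14 filtered, ping accepted only from the internal network and one work machine). The interface name, both addresses and the IPCHAINS dry-run variable are constructed placeholders, and the output chain policy is assumed to be ACCEPT so that echo replies can leave.

```shell
#!/bin/sh
# Dry run by default: rules are printed, not installed.
# Set IPCHAINS=ipchains (as root) to apply them for real.
IPCHAINS="${IPCHAINS:-echo ipchains}"
IFACE="${IFACE:-eth0}"                        # constructed placeholder
INTERNAL_NET="${INTERNAL_NET:-192.168.1.0/24}" # stands in for "192.x.x.x"
WORK_HOST="${WORK_HOST:-203.0.113.10}"        # constructed placeholder

icmp_policy() {
    # ipchains uses the first matching rule, so order matters.

    # 1. The Nessus finding: drop inbound timestamp requests (type 13)
    #    and outbound timestamp replies (type 14), and log both.
    $IPCHAINS -A input  -i "$IFACE" -p icmp --icmp-type timestamp-request -j DENY -l
    $IPCHAINS -A output -i "$IFACE" -p icmp --icmp-type timestamp-reply -j DENY -l

    # 2. Ping is answered only for the trusted sources.
    for src in "$INTERNAL_NET" "$WORK_HOST"; do
        $IPCHAINS -A input -i "$IFACE" -p icmp -s "$src" \
                  --icmp-type echo-request -j ACCEPT
    done

    # 3. ICMP the host needs: replies to its own pings and error messages.
    for t in echo-reply destination-unreachable time-exceeded parameter-problem; do
        $IPCHAINS -A input -i "$IFACE" -p icmp --icmp-type "$t" -j ACCEPT
    done

    # 4. Every other inbound ICMP packet, including pings from untrusted
    #    sources, is dropped and logged.
    $IPCHAINS -A input -i "$IFACE" -p icmp -j DENY -l
}

icmp_policy
```

After applying the rules, re-run the scan and check the kernel log for the -l entries to confirm the timestamp probes are being dropped.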

 
 
 

1. ipchains - blocking outgoing ICMP/UDP

Hello,

I run a public shell box and I want to prevent my users from launching a
denial of service attack from my server. Would blocking outgoing ICMP and
UDP do any good? What types of ICMP can I block without running into
problems other than type 3, echo request?

I really don't need UDP as I run no UDP services and I hear UDP also has
echo requests.

Also, what types of ICMP can I block incoming to me other than type 3
without running into problems?

Also, is there a way to prevent spoofed packets from going outbound?

Is there a better way to defend against SYN floods other than using SYN
cookies?

Would iptables do a better job of what I need rather than ipchains? The
firewall will be used to defend the computer it runs on, no masquerading or
network behind it.

Any help would be appreciated.

- Krish

--
I have not failed 10,000 times. I have successfully found 10,000 ways that
will not work. --Thomas A. Edison
