The Briefing Room
General Category => Science, Technology and Knowledge => Computers => Topic started by: Free Vulcan on April 30, 2017, 08:49:19 pm
-
Question for the techies. My firewall is getting knocked on pretty hard, so hard it often bounces me off line. The log indicates it's all from ingoing and outgoing ICMP. Tracked some of the remote IP's and a number go to suspicious places like Russia, Romania, and Ukraine.
I've disabled the ICMP permissions for now, wonder if you could give me a heads up as to what may be going on.
@Oceander
-
ICMP flood (or ping flood).
Someone is either trying to learn more about your network, or disrupt your service with a denial of service attack.
There's probably not a lot of downside to disabling ICMP replies in a home or small office environment. Not everyone agrees, but I prefer to drop requests vs rejecting them in case of a DoS.
You may want to contact your ISP, as their hardware should be able to filter out a lot more than yours without falling over.
Here's more detail than you probably want:
https://www.sans.org/reading-room/whitepapers/threats/icmp-attacks-illustrated-477
-
ICMP flood (or ping flood).
Someone is either trying to learn more about your network, or disrupt your service with a denial of service attack.
There's probably not a lot of downside to disabling ICMP replies in a home or small office environment. Not everyone agrees, but I prefer to drop requests vs rejecting them in case of a DoS.
You may want to contact your ISP, as their hardware should be able to filter out a lot more than yours without falling over.
Here's more detail than you probably want:
https://www.sans.org/reading-room/whitepapers/threats/icmp-attacks-illustrated-477
Thanks, informative article. No problems so far shutting them off, so I'm going to run with it and let my ISP know what's going on.
-
@Free Vulcan
Try this article about a Firewall/IDS system. It's free and seems to work pretty well:
CSF/IFD (https://www.linux.org/threads/install-csf-lfd-to-help-secure-your-linux-server.4360/)