[EMAIL PROTECTED] writes:
> Packet log: input DENY eth0 PROTO=1 yyy.y.yy.yy:3 xxx.xx.xxx.xxx:13 L=56
> S=0x00 I=29688 F=0x0000 T=244 (#30)
>
> It's the :13 part that I found unusual. A little research has revealed
> that it may be an attempt to fingerprint our system to see what is
> available. I was led to believe that this is the Timeday port. Is this
> correct? xxx is our public IP address. And yyy is the remote IP address
> that is making the contact.

You should've started with the PROTO=1 bit...

| zsh, spodzone 12:00AM piglet % ipchains -h icmp
| ipchains 1.3.10, 1-Sep-2000
|
| Valid ICMP Types:
| Type    Code    Description
| 0       0       echo-reply (pong)
| 3               destination-unreachable
[snip]
|         12      TOS-host-unreachable
|         13      communication-prohibited
|         14      host-precedence-violation
|         15      precedence-cutoff

to which the short answer is, "don't go there then".

More to the point, you should *not* be filtering ICMP type 3 anyway.

<http://logi.cc/linux/NetfilterLogAnalyzer.php3> is your friend.

~Tim
-- 
<http://spodzone.org.uk/>
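
A small decoder for the log format in the quoted line, added here as an example (not part of the original message and not ipchains code). It reads the two `:N` fields as ICMP type and code when PROTO=1, as the reply indicates. The `decode` function, the name tables and the sample lines with documentation addresses are constructed for illustration.

```python
import re

# Layout of an ipchains "Packet log:" line, taken from the sample quoted above.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<a>\d+) (?P<dst>[\d.]+):(?P<b>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
# Only the names shown in the `ipchains -h icmp` listing above.
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable"}
UNREACH_CODES = {12: "TOS-host-unreachable", 13: "communication-prohibited",
                 14: "host-precedence-violation", 15: "precedence-cutoff"}

def decode(line):
    """Return a dict describing one log line, or None if it does not parse."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    proto, a, b = int(m["proto"]), int(m["a"]), int(m["b"])
    out = {"chain": m["chain"], "action": m["action"], "iface": m["iface"],
           "src": m["src"], "dst": m["dst"],
           "proto": PROTO_NAMES.get(proto, str(proto))}
    if proto == 1:
        # For ICMP the "port" slots carry type (source side) and code (dest side).
        out["icmp_type"], out["icmp_code"] = a, b
        tname = ICMP_TYPES.get(a, f"type-{a}")
        cname = UNREACH_CODES.get(b, f"code-{b}") if a == 3 else f"code-{b}"
        out["summary"] = f"{tname}/{cname}"
    else:
        out["sport"], out["dport"] = a, b
        out["summary"] = f"{out['proto']} {a}->{b}"
    return out

# Constructed sample lines (RFC 5737 documentation addresses).
SAMPLE_ICMP = ("Packet log: input DENY eth0 PROTO=1 192.0.2.10:3 "
               "198.51.100.7:13 L=56 S=0x00 I=29688 F=0x0000 T=244 (#30)")
SAMPLE_TCP = ("Packet log: input DENY eth0 PROTO=6 192.0.2.10:40000 "
              "198.51.100.7:13 L=60 S=0x00 I=4242 F=0x0000 T=52 (#30)")

if __name__ == "__main__":
    for sample in (SAMPLE_ICMP, SAMPLE_TCP):
        print(decode(sample)["summary"])
```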