From: Ronald <ronald645@gmail.com>
To: Michael Hissler <mhis38@yahoo.de>
Cc: netfilter@lists.netfilter.org
Subject: Re: Unable to block ICMP
Date: Mon, 16 Apr 2007 18:53:56 +0200 [thread overview]
Message-ID: <4623AA24.4000002@gmail.com> (raw)
In-Reply-To: <4622A0A4.70007@yahoo.de>
Michael Hissler schreef:
> Ronald wrote:
>
>> Check this thread (posted by me):
>>
>> http://forums.fedoraforum.org/forum/showthread.php?t=152539
>>
>> Could anyone help me here with the problem please ?
>>
>>
>> Ronald
>>
>
> Hi Ronald,
>
> I don't know why your ports are 'closed' instead of 'stealthed', but it
> has nothing to do with ICMP. ICMP doesn't use ports, so it's impossible
> to send a ping to a port, especially a TCP or UDP port as those are
> completly different protocols.
>
> Are you using the 'Stealth Test'? This test sends TCP and UDP packets to
> your IP, but no ICMP packets. There's a test called 'TCP ping packet',
> but this has nothing to do with ICMP echo request, so dropping ICMP will
> not solve your problem.
>
> BTW: Dropping *all* incoming ICMP packets is a bad idea. You should
> ACCEPT ICMP type 3 (destination unreachable), type 11 (time exceeded)
> and perhaps type 12 (parameter problem), as those ICMP packets indicate
> transmission errors you (your applications) probably want to know about.
>
> I just tried the 'Stealth Test' on pcflank.com and the result is
> 'stealthed' for all tests, but the following could be the interesting part:
>
> "We have sent following packets to TCP:1 port of your machine:"
>
> If my interpretation is correct, it means that the packets are sent to
> port 1/tcp (and the UDP packet to port 1/udp).
>
> Add the following line to your rules:
>
> iptables -A INPUT -p tcp --dport 1 -j DROP
>
> Then, the test should result in 'stealthed' for all TCP tests, but
> 'closed' for the UDP test.
>
>
> michael
>
>
>
That is weird, if you block ICMP outgoing in comodo, all the closed
ports are shown as stealthed. This is really confusing ...
next prev parent reply other threads:[~2007-04-16 16:53 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-15 15:13 Unable to block ICMP Ronald
2007-04-15 15:16 ` Thomas d'Otreppe
[not found] ` <46224EFE.6060409@gmail.com>
2007-04-15 16:14 ` Thomas d'Otreppe
2007-04-15 17:10 ` Ronald
2007-04-15 18:14 ` Rob Sterenborg
2007-04-15 20:29 ` Dean Anderson
2007-04-16 5:30 ` Ronald
2007-04-17 9:46 ` Marc Haber
2007-04-17 15:12 ` Cedric Blancher
2007-04-15 22:01 ` Michael Hissler
2007-04-16 16:53 ` Ronald [this message]
2007-04-17 9:20 ` Michael Hissler
2007-04-19 9:23 ` Ronald
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4623AA24.4000002@gmail.com \
--to=ronald645@gmail.com \
--cc=mhis38@yahoo.de \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox