* DROPPING ICMP and still getting kernel messages of ICMP traffic?
From: Alex Flex @ 2013-04-08 18:06 UTC (permalink / raw)
To: netfilter
Hello,
I recently got a medium-size DoS attack against my uplink. I deduce that
because the attack was bigger than my uplink, I was effectively DoSed.
The attack nature was ICMP, but I had a ruleset to DROP all incoming
ICMP. What confuses me the most is that I saw messages AS IF the kernel
was dealing with ICMP traffic selectively. The result I was expecting
was to not have any type of syslog ICMP messages regarding ICMP because
in theory DROP means DROP silently.
Can anybody explain to me what could have occurred?
Feb 27 14:27:11 kernel: Redirect from 125.215.162.43 on eth0 about
125.215.162.46 ignored.
Feb 27 14:27:11 kernel: Advised path = 4.221.27.8 -> 192.168.11.6
Feb 27 14:27:11 kernel: Redirect from 72.15.39.88 on eth0 about
72.15.39.99 ignored.
Feb 27 14:27:11 kernel: Advised path = 4.221.27.8 -> 72.15.39.99
Feb 27 14:27:12 kernel: Redirect from 23.128.38.14 on eth0 about
85.20.63.101 ignored.
Feb 27 14:27:12 kernel: Advised path = 4.221.27.8 -> 85.20.63.101
Feb 27 14:27:13 kernel: Redirect from 89.167.45.143 on eth0 about
89.167.45.118 ignored.
Feb 27 14:27:13 kernel: Advised path = 4.221.27.8 -> 89.167.45.118
Feb 27 14:27:13 kernel: Redirect from 94.255.230.139 on eth0 about
94.255.231.10 ignored.
Feb 27 14:27:14 kernel: Advised path = 4.221.27.8 -> 94.255.231.10
Feb 27 14:27:14 kernel: Redirect from 120.192.115.1 on eth0 about
120.192.115.11 ignored.
Feb 27 14:27:14 kernel: Advised path = 4.221.27.8 -> 120.192.115.11
Feb 27 14:27:15 kernel: Redirect from 183.61.108.1 on eth0 about
183.61.108.112 ignored.
Feb 27 14:27:16 kernel: Advised path = 4.221.27.8 -> 183.61.108.112
Feb 27 14:27:16 kernel: Redirect from 109.164.253.57 on eth0 about
109.164.253.59 ignored.
Feb 27 14:27:16 kernel: Advised path = 4.221.27.8 -> 109.164.253.59
Feb 27 14:27:16 kernel: Redirect from 61.92.213.127 on eth0 about
61.92.212.1 ignored.
Feb 27 14:27:16 kernel: Advised path = 4.221.27.8 -> 119.247.29.11
Finally, is there any difference between DROPing ICMP and using the
sysctl variable to ignore all ICMP?
Alex
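
Added example, not part of the original messages: a small Python parser for kernel lines in the format quoted above. It rejoins hard-wrapped lines, pairs each "Redirect from ... ignored" line with the "Advised path" line that follows it, and counts ignored redirects per sender; the sample input is constructed with documentation addresses, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format quoted above (documentation addresses, not
# values from the post). The second entry is hard-wrapped the way the mail
# client wrapped the original lines; the last one lacks its "Advised path" line.
SAMPLE = """\
Feb 27 14:27:11 kernel: Redirect from 192.0.2.43 on eth0 about 192.0.2.46 ignored.
Feb 27 14:27:11 kernel: Advised path = 198.51.100.8 -> 192.0.2.46
Feb 27 14:27:12 kernel: Redirect from 203.0.113.14 on eth0 about
203.0.113.101 ignored.
Feb 27 14:27:12 kernel: Advised path = 198.51.100.8 -> 203.0.113.101
Feb 27 14:27:13 kernel: Redirect from 192.0.2.43 on eth0 about 192.0.2.99 ignored.
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
REDIRECT = re.compile(rf"Redirect from {IP} on (\S+) about {IP} ignored\.")
ADVISED = re.compile(rf"Advised path = {IP} -> {IP}")

def unwrap(text):
    """Rejoin continuation lines (no syslog timestamp) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if STAMP.match(raw) or not lines:
            lines.append(raw.strip())
        else:
            lines[-1] += " " + raw.strip()
    return lines

def parse_redirects(text):
    """Return one dict per ignored redirect, with its advised path if logged."""
    events = []
    for line in unwrap(text):
        m = REDIRECT.search(line)
        if m:
            events.append({"from": m[1], "iface": m[2], "about": m[3], "path": None})
            continue
        m = ADVISED.search(line)
        if m and events and events[-1]["path"] is None:
            events[-1]["path"] = (m[1], m[2])
    return events

def top_senders(events):
    """Count ignored redirects per sending address, most frequent first."""
    return Counter(e["from"] for e in events).most_common()

if __name__ == "__main__":
    for sender, n in top_senders(parse_redirects(SAMPLE)):
        print(f"{sender}: {n} ignored redirect(s)")
```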
* Re: DROPPING ICMP and still getting kernel messages of ICMP traffic?
From: Alex Flex @ 2013-04-12 23:10 UTC (permalink / raw)
To: netfilter
Hello...
I have not received a response; maybe my question was a bit messy. If it
was, I apologize for that.
Concretely, does anybody know what the difference is between utilizing iptables to
DROP all ICMP vs. using sysctl to ignore all ICMP?
Does it make sense that I was dropping all ICMP in iptables but still
receiving messages in syslog that ICMP redirect packets were getting
ignored every now and then? (By that time I had not used sysctl, but I
was recommended to do so, hence my question.)
Thanks guys
Alex