Koozali.org: home of the SME Server

Where do I top up my box with more PINGs...

Robert Harlow

Re: Recommended updates really are recommended updates (Re:
« Reply #30 on: October 05, 2003, 06:57:20 PM »
Starting conditions...

--------------------------------
[root@nas600 snort]# iptables -L icmpIn -v
Chain icmpIn (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    92 DROP       icmp --  eth1   any     anywhere             anywhere           icmp echo-request length 92
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp echo-request
  260 21840 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp echo-reply
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp source-quench
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp time-exceeded
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp parameter-problem
    0     0 denylog    all  --  any    any     anywhere             anywhere
[root@nas600 snort]# iptables -L icmpOut -v
Chain icmpOut (1 references)
 pkts bytes target     prot opt in     out     source               destination
  260 21840 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp echo-request
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp echo-reply
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp source-quench
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp time-exceeded
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp parameter-problem
    0     0 denylog    all  --  any    any     anywhere             anywhere
--------------------------------

best wishes, Robert

RayG

Re: Where do I top up my box with more PINGs...
« Reply #31 on: October 06, 2003, 01:42:28 AM »
Robert
    Glad to hear you have things working now. It looks like the majority of your icmp traffic is FROM your server? Is your latency/bandwidth monitor responsible for all that pinging?

Pico has tried to line wrap for me a couple times. Annoying but not a big deal if you pay attention to it.

I'm not sure what the deal is with Midnight Commander on your end. Maybe just an older version?


Charlie
    Thanks for the comments. I posted in an earlier thread asking for the most recent version of iptables for SME 5.6 but got no response. I downloaded the latest iptables update for RedHat 7.3 as you mentioned. It does contain a compiled version of the length module but it's iptables-1.2.8. When I try to install, it complains that kernel-2.4.20 is required. SME 5.6 uses the 2.4.18 kernel as far as I can tell.

Robert Harlow

Re: Where do I top up my box with more PINGs...
« Reply #32 on: October 06, 2003, 03:37:30 AM »
Ray

It's more than working Ray. It's working really darned well, my thanks:-)

Since completion I've had but a single ICMP alarm line logged (MISC Large ICMP Packet) when normally I'd be looking over a page or two of that other stuff. The other 92byte stuff appears to be clocking up nicely...

------------------------
Sun 05 Oct 2003 11:07:41 PM BST  0.486627 seconds
[root@nas600 snort]# iptables -L icmpIn -v
Chain icmpIn (1 references)
 pkts bytes target     prot opt in     out     source               destination
   54  4968 DROP       icmp --  eth1   any     anywhere             anywhere           icmp echo-request length 92
   18  2895 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp echo-request
 9758  820K ACCEPT     icmp --  any    any     anywhere             anywhere           icmp echo-reply
    6  1233 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp source-quench
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp time-exceeded
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp parameter-problem
    0     0 denylog    all  --  any    any     anywhere             anywhere
[root@nas600 snort]# iptables -L icmpOut -v
Chain icmpOut (1 references)
 pkts bytes target     prot opt in     out     source               destination
11718  984K ACCEPT     icmp --  any    any     anywhere             anywhere           icmp echo-request
   18  2895 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp echo-reply
    6  1233 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp source-quench
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp time-exceeded
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp parameter-problem
    0     0 denylog    all  --  any    any     anywhere             anywhere
------------------------

...and, as for the outgoing totals, they must all be for (ShadLord's) System Monitor as I don't routinely use pings. The System Monitor is left running/displaying permanently our rural wireless communal network broadband's gateway. There are some very good (local) reasons for doing this.

As always, System Monitor uselessly floods my server-manager's httpd/admin_error_log with a page or two of senseless programming orientated (?) errors - every few minutes when it updates - but otherwise it does an absolutely sterling job. At one time the size of its 90MB log exceeded the total of the displayed photographs in my online gallery, but I'm now overtaking the size of that particular log! Shame about all its logging errors though, I haven't managed to arouse any interest in curing them at all;~/

Have a permanent taskbar iteration of Mozilla 1.5rc2 running continuously with a group of four tabs open...
a) SME server-manager | logs | httpd/error_log
b) http://www.dnsstuff.com/ for immediately checking the bogie IPs in the spamming lists
c) SME server-manager | system-monitor | gateway | hourly-detail (packet loss/latency)
d) ACID

The required gateway graphs continue to be produced and are seemingly unaffected by your excellent modifications that wonderfully side-step the zombie-like, worm driven, ICMP ping requests - as per the requirements of my thread! Well done Ray:-)) I think your work should be made into a HOWTO.

best wishes, Robert
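
Added example, not part of any post in this thread: a small shell helper that reads the text of `iptables -L icmpIn -v` and reports how many packets a given rule matched between two snapshots, expanding the K/M/G suffixes iptables prints for large counters. The function names are hypothetical; the sample lines are copied from the two icmpIn listings posted above.

```shell
#!/bin/sh
# Added example: compare rule counters between two `iptables -L <chain> -v` listings.

# Reads a listing on stdin; prints "<pkts> <bytes>" for the first rule line
# matching the regex in $1, or "0 0" if no rule matches.
rule_counters() {
    awk -v pat="$1" '
        # iptables abbreviates large counters in decimal units (820K = 820000).
        function expand(v,   n, s) {
            s = substr(v, length(v)); n = v + 0
            if (s == "K") return n * 1000
            if (s == "M") return n * 1000000
            if (s == "G") return n * 1000000000
            return n
        }
        # Rule lines start with a counter; header and "Chain" lines do not.
        $1 ~ /^[0-9]+[KMG]?$/ && $0 ~ pat && !found {
            printf "%.0f %.0f\n", expand($1), expand($2); found = 1
        }
        END { if (!found) print "0 0" }
    '
}

# $1 = rule regex, $2 = earlier listing text, $3 = later listing text.
# Prints the number of packets the rule matched between the two snapshots.
counter_delta() {
    b=$(printf '%s\n' "$2" | rule_counters "$1")
    a=$(printf '%s\n' "$3" | rule_counters "$1")
    echo $(( ${a%% *} - ${b%% *} ))
}

# Sample input: rule lines from the "Starting conditions" listing...
snapshot_start() { cat <<'EOF'
    1    92 DROP       icmp --  eth1   any     anywhere             anywhere           icmp echo-request length 92
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp echo-request
  260 21840 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp echo-reply
EOF
}
# ...and from the later listing in reply #32.
snapshot_later() { cat <<'EOF'
   54  4968 DROP       icmp --  eth1   any     anywhere             anywhere           icmp echo-request length 92
   18  2895 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp echo-request
 9758  820K ACCEPT     icmp --  any    any     anywhere             anywhere           icmp echo-reply
EOF
}

printf '92-byte echo-requests dropped between snapshots: %s\n' \
    "$(counter_delta 'echo-request length 92' "$(snapshot_start)" "$(snapshot_later)")"
```

On a live box, `iptables -L icmpIn -v -x -n` prints exact counters and skips name lookups, so the suffix expansion is only needed for listings captured without `-x`.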