ICMP entries blocked all over the place…



  • Hi!

    I see these entries over and over for all of my subnet IPs.

    Jun 24 20:07:37 WAN 184.105.213.114 a.b.c.d ICMP

    (That IP belongs to he.net, I assume it must be one of their routers…)

    It goes on and on for all of them, even the ones that have not been assigned to an internal IP, and they are at most a few seconds apart.

    That subnet is routed through another IP and these are all defined as virtual IPs.

    Obviously they are not pings, the most well-known use of ICMP, but are obviously something else (anything but type 0...).

    Is there any way to know what exactly and what should I do about it?

    Thank you and have a nice day!

    Nick


  • Banned

    It's being blocked so you don't need to do anything about it.



  • You could run tcpdump to see exactly which icmp packets are being blocked.



  • Hi!

    @Nullity:

    You could run tcpdump to see exactly which icmp packets are being blocked.

    Thank you but I guess I should have said that I know it's not a threat since they are being blocked.

    To me it sounds like a misconfiguration (or something misbehaving) of some kind that I would like to fix…

    Thank you and have a nice day!

    Nick



  • Hi!

    @Nullity:

    You could run tcpdump to see exactly which icmp packets are being blocked.

    Thank you!

    I think I found another way to get the information I needed, however, by looking in /var/log/filter.log

    I saw this

    
    Jun 25 10:37:14 firewall filterlog: 5,16777216,,1000000103,pppoe0,match,block,in,4,0x0,,61,62439,0,none,1,icmp,56,184.105.213.114,a.b.c.d,timexceed,time exceeded in-transit36
    

    It's obviously something on the firewall which generates traffic which gets this answer since I get it even for IPs which have not been assigned…

    Any idea what it might be?

    Thank you and have a nice day!

    Nick
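
The filter.log entry quoted in the last post can be split into named fields to read the ICMP type directly and to count which sources produce the blocked entries. This is an added example, not code from the thread or from pfSense; the field order is assumed from pfSense's raw filter log format for IPv4, and every sample line except the first is constructed.

```python
import csv
import re
from collections import Counter

# Field order of an IPv4 entry (assumed from pfSense's raw filter log format).
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason",
          "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id",
        "proto", "length", "src", "dst"]
PREFIX = re.compile(r"filterlog(?:\[\d+\])?: (.*)$")

def parse_filterlog(line):
    """Return named fields for an IPv4 filterlog line, else None."""
    m = PREFIX.search(line.strip())
    if not m:
        return None
    fields = next(csv.reader([m.group(1)]))
    fixed = len(COMMON) + len(IPV4)
    if len(fields) < fixed or fields[8] != "4":
        return None
    entry = dict(zip(COMMON + IPV4, fields))
    if entry["proto"] == "icmp" and len(fields) > fixed:
        entry["icmp_type"] = fields[fixed]              # e.g. timexceed
        entry["icmp_detail"] = ",".join(fields[fixed + 1:])
    return entry

def blocked_icmp_by_source(lines):
    """Count blocked ICMP entries per (source address, ICMP type)."""
    counts = Counter()
    for line in lines:
        e = parse_filterlog(line)
        if e and e["action"] == "block" and "icmp_type" in e:
            counts[(e["src"], e["icmp_type"])] += 1
    return counts

SAMPLE = [
    # Line from the post (destination redacted there as a.b.c.d).
    "Jun 25 10:37:14 firewall filterlog: 5,16777216,,1000000103,pppoe0,match,block,in,4,0x0,,61,62439,0,none,1,icmp,56,184.105.213.114,a.b.c.d,timexceed,time exceeded in-transit36",
    # Constructed lines: a second ICMP entry and an unrelated TCP block.
    "Jun 25 10:37:15 firewall filterlog: 5,16777216,,1000000103,pppoe0,match,block,in,4,0x0,,61,62440,0,none,1,icmp,56,184.105.213.114,203.0.113.7,timexceed,time exceeded in-transit36",
    "Jun 25 10:37:16 firewall filterlog: 5,16777216,,1000000103,pppoe0,match,block,in,4,0x0,,52,1234,0,DF,6,tcp,60,198.51.100.9,203.0.113.7,44321,23,0,S,1000,,64240,,mss",
]

if __name__ == "__main__":
    for (src, icmp_type), n in blocked_icmp_by_source(SAMPLE).most_common():
        print(n, src, icmp_type)
```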