network security related question

Smoot Carl-Mitchell smoot at tic.com
Fri Feb 27 05:38:23 UTC 2009


On Fri, 2009-02-27 at 05:17 +0000, Vitorio Okio wrote:

> I also have Firestarter running on my Ubuntu 8.04.
> 
> I used to think that being behind a NAT router is quite safe.  And I used 
> to think that keeping Firestarter running is my tribute to security 
> paranoia.
> 
> But today I've noticed a huge number of incoming connections reported 
> blocked by Firestarter. All of them are of ICMP protocol, and my 
> understanding is they are either pings, or simple port scans, or 
> something of the kind. 
> 
> Though almost all of them come from the same 2 sources outside of my 
> country and this persistence worries me.
> 
> My question is how do they ever reach my Firestarter? How do they go through 
> my NAT router? I thought they are supposed to be blocked on that level.

If they are ICMP and they are reaching the firewall, then they must be
some type of response to a request initiated from your Linux box.  For
example an outbound TCP or UDP connection attempt will generate an ICMP
response if the remote host refuses the connection. Those types of
requests should be permitted for the protocols to work properly, BTW.

I'd see what type the ICMP packets are.  That will give you a clue as to
what is going on.
-- 
Smoot Carl-Mitchell
Computer Systems and
Network Consultant
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005
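
One way to do the check suggested in the reply above, as an added example that is not part of the original message: tally logged ICMP packets by type and, for error types, read the original packet that the error quotes. It assumes the blocked entries are available as netfilter LOG lines in the kernel log; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# ICMP types that report a problem with a packet this host sent earlier.
ERRORS = {3: "destination-unreachable", 4: "source-quench", 5: "redirect",
          11: "time-exceeded", 12: "parameter-problem"}
# ICMP types a remote host sends on its own initiative.
QUERIES = {8: "echo-request", 13: "timestamp-request", 17: "address-mask-request"}

OUTER = re.compile(r"SRC=(\S+) DST=(\S+).*?PROTO=ICMP TYPE=(\d+) CODE=(\d+)")
# For ICMP errors the netfilter LOG target appends the header of the original
# (offending) packet in square brackets.
INNER = re.compile(r"\[SRC=(\S+) DST=(\S+).*?PROTO=(\w+)(?: SPT=\d+ DPT=(\d+))?")

def classify(line):
    """Return a dict describing one logged ICMP packet, or None if not ICMP."""
    outer = OUTER.search(line)
    if not outer:
        return None
    src, dst = outer.group(1), outer.group(2)
    icmp_type, code = int(outer.group(3)), int(outer.group(4))
    rec = {"src": src, "type": icmp_type, "code": code, "answers_our_packet": False}
    if icmp_type in ERRORS:
        rec["kind"] = "error:" + ERRORS[icmp_type]
        inner = INNER.search(line, outer.end())
        if inner:
            # The quoted packet should come from the host now receiving the error.
            rec["answers_our_packet"] = inner.group(1) == dst
            rec["original"] = (inner.group(3), inner.group(2), inner.group(4))
    elif icmp_type in QUERIES:
        rec["kind"] = "query:" + QUERIES[icmp_type]
    else:
        rec["kind"] = "other"
    return rec

def summarize(lines):
    """Count (source, kind) pairs over all ICMP lines."""
    return Counter((r["src"], r["kind"]) for r in map(classify, lines) if r)

# Constructed sample lines (documentation address ranges), not from the post.
SAMPLE = [
    "kernel: Inbound IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 LEN=56 TTL=52 PROTO=ICMP TYPE=3 CODE=3 "
    "[SRC=192.168.1.10 DST=203.0.113.7 LEN=28 TTL=50 PROTO=UDP SPT=40000 DPT=6881 LEN=8 ]",
    "kernel: Inbound IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1",
    "kernel: Inbound IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.10 LEN=60 TTL=49 PROTO=TCP SPT=4000 DPT=22 SYN",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Many error entries from the same few sources whose quoted packet has the local address as its source match the explanation given in the reply: they are answers to traffic the Linux box sent.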



