BitComet & ICMP

Discussion in 'LnS English Forum' started by nos_grunt, Jul 23, 2007.

Thread Status:
Not open for further replies.
  1. nos_grunt

    nos_grunt Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4
    I've noticed my LnS log filling up with TONS of entries regarding the following ICMP protocol, even when BitComet isn't running:

    Type 3 Code 0
    Type 3 Code 1
    Type 3 Code 3
    Type 3 Code 13
    Type 10 Code (cant remember)
    Type 11 Code 0
    Type 13 Code (cant remember)

    As well as UPD: Stop NetBIOS

    Is this normal? Should I create a rule to ALLOW the above protocols, or is it ok to just let the firewall block them?

    Also, should I allow port 137 (client or server) for NetBIOS -- while BitComet is running?

    I'm guessing that the reason I continue to get flooded with ICMP requests after BitComet has stopped running is because I previously announced myself as a 'seeder' on the Internet and the tracker sites are still announcing me as a seeder, even though I've turned my BitComet off.

    Anyway, if anyone knows what's going on with these ports/protocols and can tell me whether or not I need to block or allow them, please let me know. It would be greatly appreciated.

    Thanks!
     
  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi nos_grunt :)

    All these entries are normal.

    Here's the way to managed it:

    1) ICMP

    You must allow this:

    type 8 code 0 echo request: Outgoing only
    type 0 code 0 echo reply: Incoming only
    type 11 code 0 timeout: Incoming only (used by TraceRoute...)

    All the other ICMP codes must be blocked in and out

    BUT

    It's possible to use it wisely to have interesting informations...

    After the 3 previous allowd ICMP type/code you may add these specific ICMP
    blocking rules to have a more explicit information in the log (to have it add an ! or to not log it remove the ! ... see ?)

    type 3 code 0 Network Unreacheable: block in and out and log it (or not)
    type 3 code 1 Host Unreachable: block in and out and log it (or not)
    type 3 code 3 Port Unreachable: block in and out and log it (or not)
    type 3 code 10 Host Forbidden: block in and out and log it (or not)
    type 3 code 13 Forbidden (Filtering): block in and out and log it (or not)

    and dont worry about all these signals... This is normal.

    Don't forget to block all remaining ICMP types/codes (mandatory...)

    B) Post-connections incomming packets

    What you can do is to create rules to block with no log entries all these annoying packets entries in the log...

    Here's an "experimental" rules set:

    https://www.wilderssecurity.com/showthread.php?t=178698

    Check the rule {Y. 99996}; [UDP] << Bt pqts post-connex. ! > to understand how to do...

    :)
     
  3. nos_grunt

    nos_grunt Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4
    Thanks!
     
  4. cluefly

    cluefly Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    11
    Climenole ,great man
     
  5. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi cluefly

    Not so great... believe me... :(
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.