BitComet & ICMP

Discussion in 'LnS English Forum' started by nos_grunt, Jul 23, 2007.

Thread Status:
Not open for further replies.
  1. nos_grunt (Registered Member; Joined: Oct 12, 2006; Posts: 4)

    I've noticed my LnS log filling up with TONS of entries regarding the following ICMP protocol, even when BitComet isn't running:

    Type 3 Code 0
    Type 3 Code 1
    Type 3 Code 3
    Type 3 Code 13
    Type 10 Code (can't remember)
    Type 11 Code 0
    Type 13 Code (can't remember)

    As well as UDP: Stop NetBIOS

    Is this normal? Should I create a rule to ALLOW the above protocols, or is it ok to just let the firewall block them?

    Also, should I allow port 137 (client or server) for NetBIOS -- while BitComet is running?

    I'm guessing that the reason I continue to get flooded with ICMP requests after BitComet has stopped running is because I previously announced myself as a 'seeder' on the Internet and the tracker sites are still announcing me as a seeder, even though I've turned my BitComet off.

    Anyway, if anyone knows what's going on with these ports/protocols and can tell me whether or not I need to block or allow them, please let me know. It would be greatly appreciated.

    Thanks!
     
  2. Climenole (Look 'n' Stop Expert; Joined: Jun 3, 2005; Posts: 1,640)

    Hi nos_grunt :)

    All these entries are normal.

    Here's the way to manage it:

    1) ICMP

    You must allow this:

    type 8 code 0 echo request: Outgoing only
    type 0 code 0 echo reply: Incoming only
    type 11 code 0 timeout: Incoming only (used by TraceRoute...)

    All the other ICMP codes must be blocked in and out

    BUT

    It's possible to use it wisely to get interesting information...

    After the 3 previous allowed ICMP types/codes you may add these specific ICMP
    blocking rules to have more explicit information in the log (to log it, add an !; to not log it, remove the ! ... see?)

    type 3 code 0 Network Unreachable: block in and out and log it (or not)
    type 3 code 1 Host Unreachable: block in and out and log it (or not)
    type 3 code 3 Port Unreachable: block in and out and log it (or not)
    type 3 code 10 Host Forbidden: block in and out and log it (or not)
    type 3 code 13 Forbidden (Filtering): block in and out and log it (or not)

    and don't worry about all these signals... This is normal.

    Don't forget to block all remaining ICMP types/codes (mandatory...)

    2) Post-connection incoming packets

    What you can do is create rules that block all these annoying packets without writing entries to the log...

    Here's an "experimental" rules set:

    https://www.wilderssecurity.com/showthread.php?t=178698

    Check the rule {Y. 99996}; [UDP] << Bt pqts post-connex. ! > to understand how to do it...

    :)
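
The ICMP policy from the post above, written as an ordered rule table and run against the types listed in the first post. This is an added example, not part of the thread and not Look 'n' Stop's own rule format. The `Rule` class, the `decide` function, top-down first-match evaluation, the unlogged catch-all, and the sample list (assumed inbound, with placeholder codes for types 10 and 13) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

LOG_UNREACHABLES = True  # the post's "!" choice: log the explicit type 3 blocks or not

@dataclass(frozen=True)
class Rule:
    name: str
    icmp_type: Optional[int]  # None matches any type
    icmp_code: Optional[int]  # None matches any code
    direction: str            # "in", "out" or "both"
    allow: bool
    log: bool = False

    def matches(self, icmp_type, icmp_code, direction):
        return (self.icmp_type in (None, icmp_type)
                and self.icmp_code in (None, icmp_code)
                and self.direction in ("both", direction))

# Order matters: evaluation is assumed to be top-down, first match wins.
RULES = [
    Rule("echo request", 8, 0, "out", allow=True),
    Rule("echo reply", 0, 0, "in", allow=True),
    Rule("timeout", 11, 0, "in", allow=True),
    Rule("network unreachable", 3, 0, "both", False, LOG_UNREACHABLES),
    Rule("host unreachable", 3, 1, "both", False, LOG_UNREACHABLES),
    Rule("port unreachable", 3, 3, "both", False, LOG_UNREACHABLES),
    Rule("host forbidden", 3, 10, "both", False, LOG_UNREACHABLES),
    Rule("forbidden (filtering)", 3, 13, "both", False, LOG_UNREACHABLES),
    Rule("all other ICMP", None, None, "both", allow=False),  # mandatory catch-all
]

def decide(icmp_type, icmp_code, direction):
    """Return (action, rule name, logged) for one ICMP packet."""
    for rule in RULES:
        if rule.matches(icmp_type, icmp_code, direction):
            return ("allow" if rule.allow else "block", rule.name, rule.log)
    return ("block", "no rule matched", False)  # fail closed if the catch-all is removed

# Constructed sample: the types from the first post, assumed inbound; the codes
# for types 10 and 13 were not given there, so 0 is used as a placeholder.
OBSERVED_INBOUND = [(3, 0), (3, 1), (3, 3), (3, 13), (10, 0), (11, 0), (13, 0)]

if __name__ == "__main__":
    for icmp_type, icmp_code in OBSERVED_INBOUND:
        action, name, logged = decide(icmp_type, icmp_code, "in")
        print(f"type {icmp_type:>2} code {icmp_code:>2} in -> {action:5} [{name}] log={logged}")
```

Under these rules only the inbound type 11 code 0 entry is allowed; the same packet outbound, or an inbound type 8 code 0, falls through to the catch-all and is blocked.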
     
  3. nos_grunt (Registered Member; Joined: Oct 12, 2006; Posts: 4)

    Thanks!
     
  4. cluefly (Registered Member; Joined: Sep 2, 2006; Posts: 11)

    Climenole, great man
     
  5. Climenole (Look 'n' Stop Expert; Joined: Jun 3, 2005; Posts: 1,640)

    Hi cluefly

    Not so great... believe me... :(
     