Why utorrent brings so many ICMP packages blocked?

Discussion in 'LnS English Forum' started by isail, Oct 13, 2009.

Thread Status:
Not open for further replies.
  1. isail

    isail Registered Member

    Joined:
    Apr 4, 2008
    Posts:
    16
    Location:
    Mianyang, Sichuan, China
    When using utorrent (v1.8.4 build 16667), there's a lot of ICMP packages blocked by LnS, type=3, code=3, Internet>>PC. There packages are of different IPs, but same MAC source address 00:24:13:54:0A:44.

    So strange! What's it mean? Dose that mean the utorrent is dangerous?
     
  2. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
  3. isail

    isail Registered Member

    Joined:
    Apr 4, 2008
    Posts:
    16
    Location:
    Mianyang, Sichuan, China
  4. isail

    isail Registered Member

    Joined:
    Apr 4, 2008
    Posts:
    16
    Location:
    Mianyang, Sichuan, China
    But why LNS Standardruleset blocks all types of ICMP except type 10?
     
  5. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    ICMP Type 10 are also blocked but with no alert in the log.

    All ICMP are blocked (except ICMP requests your PC sends), to be sure to be stealth/invisible.
    When using a P2P software I guess it's not a problem to allow some ICMP packets (since you are anyway not stealth).

    Regards,

    Frederic
     
  6. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    377
    Location:
    England
    Thanks Frederic, I also wondered about this & that explains it, and that it`s OK to allow some of these in these circumstances - I also saw a lot were blocked.

    But can someone explain in simple terms how to alter the Utorrent rule to additionally allow these ICMP packets ?

    or maybe I have to create another rule that only runs when Utorrent does ?

    I still don`t really know what`s going on inside LnS or how to create these rules :doubt:
     
  7. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Which ICMP types/codes you need allowed?

    There is no need to allow ICMP for server apps (torrent) to operate properly. It is simply down to personal preferences, whether you wish to be informed on certain network events or not (when debugging a problem i.e).

    If you are not certain how to interpret and utilize ICMP info, I'd leave the ruleset well enough alone.

    Cheers,
     
  8. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    377
    Location:
    England
    Thanks for the info.....I haven`t got a saved log, but I believe it was ICMP type 3 code 1 (?) mostly....

    I was under the impression that as these were getting blocked so often, it was causing the torrent to not download as quickly as it might have been able to.

    But as they`re not important, it must have been the torrent itself at fault, so I`ll just leave it as it is :)
     
  9. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Code 3/Type 1 is "Destination Unreachable" / "Host Unreachable" (see here), it means your PC tries to contact a remote peer machine, but it is unreachable ;)

    It should not impact the download speed.

    Frederic
     
  10. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    Additional to ICMP - allow ICMP type 11 code 0 if you are using a pinger tool
    like HLSW (game server watcher) or PingPlotter or similar.
     
Thread Status:
Not open for further replies.