Ixthusdan Posted April 21, 2005 Report Share Posted April 21, 2005 I have my home network setup so that only my external ip and my browser are detectable on the internet. I run two firewalls, one in the router and the other on the each desktop. (Yes, I like stealth!) So my router sends me a report every time it ovewrites the access attempt log. I am currently getting 8 - 10 e-mails per day, each with 125 records of access attempts. Some are the dns I use for ip renewal. But the rest are from all over the world, including China! I think it is the "reject ping from wan" that is doing this. 1) Why am I being pinged so much? 2) Am I paranoid to reject ping from wan? I am just wondering what others think and do. Quote Link to comment Share on other sites More sharing options...
paul Posted April 21, 2005 Report Share Posted April 21, 2005 1. that's just what happens 2. yes :) I have a couple of static IP's that are attacked frequently a summary of yesterday's logwatch Dropped 944 packets on interface eth3 Dropped 1194 packets on interface ppp0 Rejected 38 packets on interface eth0 things like this are sometimes interesting From 82.96.96.3 - 276 packets To 203.96.212.68 - 276 packets Quote Link to comment Share on other sites More sharing options...
SoulSe Posted April 21, 2005 Report Share Posted April 21, 2005 I have the same scenario with my home network - I have a router running a firewall, but I don't firewall my desktops. And my logs look like yours. My attitude is to ignore it - I even stopped my router sending me emails They can't do much by pinging you and a port-scan will just show them a hand-full of ports that they can't do much with. So I wouldn't worry too much, so long as you have a competent firewall, and most routers come with solid firewalls in their firmware. Besides, there are enough stupid Windows users on the Internet with NO security to keep these kids busy - they aren't terribly interested in the likes of us, we're too difficult to mess with Quote Link to comment Share on other sites More sharing options...
ac_dispatcher Posted April 21, 2005 Report Share Posted April 21, 2005 Remember my "Thank God for Firewalls" http://mandrakeusers.org/index.php?showtop...472&hl=firewall I ended up truning the remote logging off. :unsure: Quote Link to comment Share on other sites More sharing options...
Ixthusdan Posted April 21, 2005 Author Report Share Posted April 21, 2005 Thanks, guys. I think I'll allow the ping just to try and reduce the log fill frequency. I would rather not turn off the e-mails because I like to track interesting attempts to access. Many come from UCLA in California! Quote Link to comment Share on other sites More sharing options...
Ixthusdan Posted April 23, 2005 Author Report Share Posted April 23, 2005 Well, I allowed ping from wan and that did not change the report frequency at all. I am really fending off other computers trying to access my betwork! Unbelivable!! Quote Link to comment Share on other sites More sharing options...
iphitus Posted April 23, 2005 Report Share Posted April 23, 2005 Well, I allowed ping from wan and that did not change the report frequency at all. I am really fending off other computers trying to access my betwork! Unbelivable!! <{POST_SNAPBACK}> Most of them would be trojans or viruses from infected windows computers trying to access other windows computers I assume. There isnt that many people out on the internet trying to get you, dont worry :D Quote Link to comment Share on other sites More sharing options...
Ixthusdan Posted April 23, 2005 Author Report Share Posted April 23, 2005 :ph34r: Quote Link to comment Share on other sites More sharing options...
Guest Willard1975 Posted April 25, 2005 Report Share Posted April 25, 2005 No, you're not paranoid. In fact you're smart. Linux' role in my home is small enough that i don't need ping to solve problems. That is mostly what ping is for. The only downside is that you can't ping anything yourself. Everything else works just fine. There are people who scan entire IP ranges to look for potential targets. After my most recent install of 10.1 it took 7 hours before someone found me and was scripting to login in via SSH. After dropping icmp packets completely i haven't had much trouble. Then again i blocked SSH from the outside just to be sure. Maybe it's me who's paranoid.....Anyway, they can't scan for me and won't find me unless they connect to any service i have running on that particular IP address. I say do everything to minimize your presence on the Internet if you just have a router/firewall. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.