projects asked:

icmp allowed by cert or ??? only?

I have several hundred logging devices out in the field which need to send an icmp request now and then to their home server.

I know I could limit icmp using IPs but I don't know the logger IPs since they would be getting it from a dhcp server.

How could I block icmp to only those devices and nothing else?
gheist:

DHCP server keeps a list of issued addresses, or has an IP range it issues. Import either to iptables and you are fine.
Dave Howe:

Is there something you could put in the payload to distinguish the ICMP traffic you want to allow from the general background noise?

For that matter - if it's just a ping, do you really care that much? I know zonealarm made a big fuss about "stealth" and blocking pings, but on the whole, it's not usually a big deal if your IP is pingable.
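Both suggestions above can be expressed as iptables rules on the home server. The script below is an added example, not code from either poster: `rules_from_leases` implements gheist's idea of accepting echo-requests only from addresses in a DHCP lease list, and `rules_from_marker` implements Dave Howe's idea of accepting only pings whose payload carries an agreed marker. The lease list (dnsmasq format) and the marker string "LOGR" are constructed for illustration; the `ping -p` hint assumes the loggers use iputils ping, which fills the payload with a hex pattern of up to 16 bytes. The functions print the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not code from the thread. Two ways to narrow which ICMP
# echo-requests a Linux host accepts, emitted as iptables commands:
#   rules_from_leases  - gheist's idea: accept only from addresses in a DHCP
#                        lease list (constructed sample in dnsmasq format)
#   rules_from_marker  - Dave Howe's idea: accept only when the payload carries
#                        a marker the loggers put in their pings
# Both functions print the rules rather than applying them.

# Constructed dnsmasq-style lease list: "<expiry> <mac> <ip> <hostname> <client-id>"
SAMPLE_LEASES='1700000000 00:11:22:33:44:55 192.0.2.10 logger-01 *
1700000100 00:11:22:33:44:66 192.0.2.11 logger-02 *
1700000200 00:11:22:33:44:77 198.51.100.7 laptop *'

# One ACCEPT per leased address (third field), then DROP any other echo-request.
rules_from_leases() {
    printf '%s\n' "$1" | while read -r _expiry _mac ip _rest; do
        [ -n "$ip" ] || continue
        printf 'iptables -A INPUT -p icmp --icmp-type echo-request -s %s -j ACCEPT\n' "$ip"
    done
    echo 'iptables -A INPUT -p icmp --icmp-type echo-request -j DROP'
}

# Accept echo-requests whose payload contains the marker (xt_string match,
# Boyer-Moore search), rate-limited so a copied marker cannot flood the host;
# everything else is dropped. The marker travels in cleartext, so this filters
# background noise but does not authenticate the sender.
rules_from_marker() {
    marker=$1
    printf 'iptables -A INPUT -p icmp --icmp-type echo-request -m string --algo bm --string "%s" -m limit --limit 10/second -j ACCEPT\n' "$marker"
    echo 'iptables -A INPUT -p icmp --icmp-type echo-request -j DROP'
}

# Hex form of the marker for the logger side: iputils `ping -p <hex>` fills the
# payload with this pattern (up to 16 bytes), e.g. ping -p 4c4f4752 for "LOGR".
marker_hex() {
    printf '%s' "$1" | od -An -tx1 | tr -d ' \n'
}

echo "# --- lease-based rules (gheist) ---"
rules_from_leases "$SAMPLE_LEASES"
echo "# --- marker-based rules (Dave Howe); logger sends: ping -p $(marker_hex LOGR) <server> ---"
rules_from_marker LOGR
```

To apply on a real host, pipe the output into `sh` after reviewing it; the lease variant only works where you control the DHCP server, which is why the marker variant is the one that fits loggers on arbitrary networks.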
projects (asker):

Gheist: Not sure what you mean. Can you explain please.

Dave, I could put something in the payload and in fact, the first connection from the device is always using curl https. Perhaps this is the key?

You are right that icmp should not be a big issue, but my thinking is that there will be many connections as it is and my server won't know what is legit and not, so when I am trying to block bad traffic, I won't be able to as easily. If for example someone was trying to use icmp to cause problems, I could not respond by disabling icmp.
gheist:

Maximum extent of "these devices" is all addresses handed out by your DHCP server.
Use that address range for blocking/passing.
ASKER CERTIFIED SOLUTION by Dave Howe:
Dave Howe:

gheist. All devices are on the internet, not dhcp addresses.

projects (asker):

Correct Dave, no dhcp.
I cannot get into complete specifics and your answer is interesting but the curl and icmp connections are separate. However, this gives me an idea for a solution based on what you've said so I will award.

Thank you very much.
gheist:

> but I don't know the logger IPs since they would be getting it from a dhcp server.

Come on.
projects (asker):

Why would you be upset? Dave made the correct assumption, that's all.

>I know I could limit icmp using IPs but I don't know the logger IPs since
>they would be getting it from a dhcp server.

If I knew which dhcp servers they were getting their IPs from and was controlling them, I would not need to find a way of preventing hackers since that implies all would be in some closed network.

Each client will be getting its IP from some local dhcp server on networks all over the place, which I have no control over.

Hope this clears it up.