Hi,
For the last few days I have been seeing unexpectedly huge ICMP traffic going
out from the server.
I have blocked ICMP ports in iptables, and if I execute ping manually it is blocked.
Some process is sending this huge traffic. Below is the tcpdump output.
================================
16:23:27.817856 IP (tos 0xc0, ttl 64, id 55278, offset 0, flags [none], proto ICMP (1), length 104)
example.com > ***.***.***.***: ICMP host example.com unreachable - admin prohibited, length 84
IP (tos 0x0, ttl 56, id 52085, offset 0, flags [DF], proto TCP (6), length 76)
***.***.***.***.5189 > example.com.https: Flags [P.], cksum 0xa427 (correct), seq 2571871600:2571871636, ack 1159342022, win 65535, length 36
================================
How can this be controlled?
Thanks,
Shital
Thanks, dropped the ICMP type 3 port. Now the question is to find the cause.
On Wed, Jan 6, 2016 at 6:49 PM, Gordon Messmer gordon.messmer@gmail.com wrote:
On 01/06/2016 04:45 AM, Shital Sakhare wrote:
I have blocked ICMP ports in iptables, and if I execute ping manually it is blocked.
...
How can this be controlled?
Drop the incoming traffic in iptables, rather than rejecting it?
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
On 01/06/2016 05:47 AM, Shital Sakhare wrote:
Thanks, dropped the ICMP type 3 port. Now the question is to find the cause.
Well, based on your tcpdump output, it looks like your rules were rejecting unrelated packets, or tcp/443 packets. It's hard to be sure since the ICMP was the first packet, so you didn't show the packet it was actually replying to.
The ICMP traffic is a result of rejecting rather than dropping that traffic. That is, I think you're looking at the problem wrong. The ICMP traffic is simply the result of a choice you made. Are you dropping type 3 in the output chain?
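An ICMP error carries a copy of the packet that triggered it, and tcpdump -v decodes that copy on the lines beneath the ICMP line, so a capture like the one in this thread can be tallied to see which traffic the reject rule is answering. The Python below is an added example, not part of any message in the thread; the sample capture is constructed (documentation addresses, numeric ports as tcpdump -n prints them) and the function name `rejected_flows` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample modelled on the tcpdump -v output in the thread
# (documentation addresses, numeric ports); not a real capture.
SAMPLE = """\
16:23:27.817856 IP (tos 0xc0, ttl 64, id 55278, offset 0, flags [none], proto ICMP (1), length 104)
    192.0.2.10 > 198.51.100.7: ICMP host 192.0.2.10 unreachable - admin prohibited, length 84
    IP (tos 0x0, ttl 56, id 52085, offset 0, flags [DF], proto TCP (6), length 76)
    198.51.100.7.5189 > 192.0.2.10.443: Flags [P.], seq 1:37, ack 1, win 65535, length 36
16:23:27.917856 IP (tos 0xc0, ttl 64, id 55279, offset 0, flags [none], proto ICMP (1), length 104)
    192.0.2.10 > 198.51.100.7: ICMP host 192.0.2.10 unreachable - admin prohibited, length 84
    IP (tos 0x0, ttl 56, id 52086, offset 0, flags [DF], proto TCP (6), length 76)
    198.51.100.7.5189 > 192.0.2.10.443: Flags [P.], seq 1:37, ack 1, win 65535, length 36
16:23:28.100000 IP (tos 0xc0, ttl 64, id 55280, offset 0, flags [none], proto ICMP (1), length 88)
    192.0.2.10 > 198.51.100.8: ICMP host 192.0.2.10 unreachable - admin prohibited, length 68
    IP (tos 0x0, ttl 52, id 7, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.8.41000 > 192.0.2.10.22: Flags [S], seq 1, win 29200, length 0
16:23:29.000001 IP (tos 0x0, ttl 56, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.9.40000 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
"""

ICMP_MARK = "unreachable - admin prohibited"
TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")          # start of an outer packet
PROTO = re.compile(r"proto (\w+) \(\d+\)")            # protocol in an IP header line
FLOW = re.compile(r"^(\S+)\.([\w-]+) > (\S+)\.([\w-]+):")

def rejected_flows(text):
    """Count (proto, dst, dport) of packets quoted inside admin-prohibited ICMP errors."""
    hits = Counter()
    pending, proto = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if TS.match(line):                  # new outer packet: forget previous state
            pending, proto = False, None
        elif ICMP_MARK in line:             # the ICMP error itself; quoted packet follows
            pending = True
        elif pending and line.startswith("IP ("):
            m = PROTO.search(line)          # header of the quoted (rejected) packet
            proto = m.group(1) if m else None
        elif pending and proto:
            m = FLOW.match(line)            # src.port > dst.port of the rejected packet
            if m:
                hits[(proto, m.group(3), m.group(4))] += 1
            pending = False
    return hits

if __name__ == "__main__":
    for flow, n in rejected_flows(SAMPLE).most_common():
        print(n, *flow)
```

On a live host the input would be the saved text of `tcpdump -n -v icmp`; the busiest destination port in the result is the service whose traffic the firewall is rejecting.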