Help: meaning of ICMP_UNREACH message from firewall

Discussion in 'Computer Security' started by Zak, Apr 4, 2006.

  1. Zak

    Zak Guest

    I can't understand what to do about this ICMP message from my
    Filseclab software firewall:

    Application: SYSTEM
    Direction: In
    Remote IP: rz.vrx.net
    Status/Bytes: RECV/70
    Description: ICMP_UNREACH[ICMP_UNREACH_PORT](bad port)|RT:9|

    Presumably this has something to do with an ICMP packet not being
    able to reach some port on my system. Can someone explain this a bit
    more please.

    And importantly, what can I do on Filseclab to overcome this?

    If I turn my firewall OFF then DNS lookups seem to happen faster and
    some (but not all) of the Usenet servers I belong to work faster. I
    suspect that these trapped ICMP messages might have something to do
    with the slowness I am getting.
     
    Zak, Apr 4, 2006
    #1

  2. Zak wrote:

    > I can't understand what to do about this ICMP message from my Filseclab
    > software firewall:
    >
    > Application: SYSTEM
    > Direction: In
    > Remote IP: rz.vrx.net
    > Status/Bytes: RECV/70
    > Description: ICMP_UNREACH[ICMP_UNREACH_PORT](bad port)|RT:9|
    >
    > Presumably this has something to do with an ICMP packet not being able to
    > reach some port on my system. Can someone explain this a bit more please.
    >
    > And importantly, what can I do on Filseclab to overcome this?


    Don't have a clue what Filseclab even is, but the problem seems pretty
    straightforward. Someone's blindly rejecting echo requests (pings) and
    your software expects them. The "RT:9" suggests that the responding
    machine is sending "Administratively Prohibited" type replies to pings,
    which generally means some firewall not in "stealth" mode.

    > If I turn my firewall OFF then DNS lookups seem to happen faster and
    > some (but not all) of the Usenet servers I belong to work faster. I
    > suspect that these trapped ICMP messages might have something to do with
    > the slowness I am getting.


    I think you answered your own question. Reconfigure your firewall to
    properly respond to or pass echo requests if that's what all the evidence
    tells you to do. <grin>
     
    George Orwell, Apr 5, 2006
    #2

  3. Zak

    Mailman Guest

    On Tue, 04 Apr 2006 22:47:04 +0100, Zak wrote:

    > I can't understand what to do about this ICMP message from my
    > Filseclab software firewall:
    >
    > Application: SYSTEM
    > Direction: In
    > Remote IP: rz.vrx.net
    > Status/Bytes: RECV/70
    > Description: ICMP_UNREACH[ICMP_UNREACH_PORT](bad port)|RT:9|
    >
    > Presumably this has something to do with an ICMP packet not being
    > able to reach some port on my system. Can someone explain this a bit
    > more please.


    Not quite. What happened is that something on your machine tried to open
    a connection to some remote system, and that one answered with a "port
    unreachable" - nothing listening on the port or the port is blocked
    (filtered). This is part of the normal (presumably TCP) negotiation.

    Try looking up the ICMP types and decide which ones you want to allow in
    (hint: a lot of them are undesirable, but this is not one of them).
    --
    Mailman


     
    Mailman, Apr 5, 2006
    #3
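
Added example, not part of any poster's message: an ICMP Destination Unreachable message quotes the IP header and first 8 bytes of the packet that triggered it, so decoding that quote shows which outbound flow the remote host refused. The addresses, ports and sample packet below are constructed for illustration.

```python
import socket
import struct

# ICMP type 3 (Destination Unreachable) codes, per RFC 792 / RFC 1122 / RFC 1812
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed", 9: "net administratively prohibited",
                 10: "host administratively prohibited",
                 13: "communication administratively prohibited"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_unreach(icmp: bytes) -> dict:
    """Decode an ICMP type 3 message and the outbound packet quoted inside it."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short to hold a quoted IP header + 8 bytes")
    if icmp[0] != 3:
        raise ValueError(f"not Destination Unreachable (type {icmp[0]})")
    if inet_checksum(icmp) != 0:           # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    quoted = icmp[8:]                      # original IP header + first 8 payload bytes
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 4:
        raise ValueError("quoted packet is not a usable IPv4 header")
    proto = quoted[9]
    # TCP and UDP both start with source port, destination port
    ports = struct.unpack("!HH", quoted[ihl:ihl + 4]) if proto in (6, 17) else (None, None)
    return {"reason": UNREACH_CODES.get(icmp[1], f"code {icmp[1]}"),
            "proto": {6: "tcp", 17: "udp"}.get(proto, str(proto)),
            "local": (socket.inet_ntoa(quoted[12:16]), ports[0]),
            "remote": (socket.inet_ntoa(quoted[16:20]), ports[1])}

def build_sample() -> bytes:
    """Constructed sample: port unreachable quoting a UDP datagram sent to port 53."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    udp = struct.pack("!HHHH", 53124, 53, 8, 0)
    body = struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    print(parse_unreach(build_sample()))
```

The "local" pair is the source address and port of the packet your own machine sent, which is what to match against the firewall's outbound log.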
  4. Zak

    Zak Guest

    On 05 Apr 2006, Mailman wrote:

    > On Tue, 04 Apr 2006 22:47:04 +0100, Zak wrote:
    >
    >> I can't understand what to do about this ICMP message from my
    >> Filseclab software firewall:
    >>
    >> Application: SYSTEM
    >> Direction: In
    >> Remote IP: rz.vrx.net
    >> Status/Bytes: RECV/70
    >> Description: ICMP_UNREACH[ICMP_UNREACH_PORT](bad port)|RT:9|
    >>
    >> Presumably this has something to do with an ICMP packet not
    >> being able to reach some port on my system. Can someone
    >> explain this a bit more please.

    >
    > Not quite. What happened is that something on your machine tried
    > to open a connection to some remote system, and that one
    > answered with a "port unreachable" - nothing listening on the
    > port or the port is blocked (filtered). This is part of the
    > normal (presumably TCP) negotiation.
    >
    > Try looking up the ICMP types and decide which ones you want to
    > allow in (hint: a lot of them are undesirable, but this is not
    > one of them).


    This particular firewall does not permit me to choose which type of
    ICMP it passes or rejects. So to avoid problems I set it to pass all
    ICMP traffic.

    But I still get that weird message. If I close the firewall down
    completely then the app seems to communicate ok. Does this help
    anyone to know what might be happening?
     
    Zak, Apr 5, 2006
    #4