ICMP penetrated through the hardware firewall

I have Level One's firewall/router on my cable line, plus Zone Alarm as the second line of defense on the computer. Every now and then, I see blocked ICMPs (ICMP type 3, subtype 3) in my Zone Alarm's log. What are these and how in the world can they come through the hardware firewall? A buggy/leaky firewall?

level13

OK, here's the relevant log section:

FWIN,2005/03/16,08:55:56 +1:00 GMT,212.114.239.128:0,192.168.xx.xx:0,ICMP (type:3/subtype:3)
FWIN,2005/03/16,10:23:06 +1:00 GMT,212.114.239.128:0,192.168.xx.xx:0,ICMP (type:3/subtype:3)
FWIN,2005/03/16,11:51:52 +1:00 GMT,212.114.239.128:0,192.168.xx.xx:0,ICMP (type:3/subtype:3)

The IP was external, judging from the name a DSL user. It might have happened due to use of P2P applications, but I figured someone might as well have tried to find a way to penetrate the hw firewall. So nothing to worry about?

level13

Probably not.

What is the "source" IP-address in ZA's log of the packet? Is it the "public" IP-address of your router, or the 'gateway' IP-address (obtain this IP-address by using 'IPCONFIG' on your computer)?

If your hardware firewall is like my hardware firewall, it's a 'PING' packet from your router to all the computers on your "home" network, rather than a 'PING' packet from the Internet-at-large that "mysteriously" has penetrated.

Probably nothing to worry about, but show us your log-file.

(( posted and mailed ))

Melvin Klassen

ICMP type 3 is "Destination unreachable", subtype 3 is "Port unreachable error. When the designated transport protocol (e.g., UDP) is unable to demultiplex the datagram but has no protocol mechanism to inform the sender."

Your ZA log should show the source of the packet. Check what host it is and if you have visited or sent something there. I suppose your firewall just tries to forward a message that should be of interest for you, like that some connection failed. I would not consider that a leaky firewall but actually a good one. Unfortunately, most PFWs and cheap NAT routers just drop all interesting and sometimes important ICMP messages...

Gerald

Gerald Vogt
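As an added illustration (not part of the thread or of any ZoneAlarm code), here is a small Python script that parses FWIN lines in the format posted above, decodes the ICMP type and code, and separates error replies to the host's own traffic (type 3 / code 3 as in the poster's log) from unsolicited probes. The log lines and addresses are constructed placeholders.

```python
import re

# Constructed sample log in the ZoneAlarm "FWIN" format quoted in the thread;
# the addresses are documentation-range placeholders, not real hosts.
SAMPLE_LOG = """\
FWIN,2005/03/16,08:55:56 +1:00 GMT,203.0.113.7:0,192.168.1.10:0,ICMP (type:3/subtype:3)
FWIN,2005/03/16,10:23:06 +1:00 GMT,203.0.113.7:0,192.168.1.10:0,ICMP (type:3/subtype:3)
FWIN,2005/03/16,11:51:52 +1:00 GMT,198.51.100.9:0,192.168.1.10:0,ICMP (type:8/subtype:0)
FWIN,2005/03/16,12:00:00 +1:00 GMT,198.51.100.9:2345,192.168.1.10:445,TCP (flags:S)
"""

# ICMP type names (RFC 792) and the codes of type 3, "destination unreachable".
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 8: "echo request",
              11: "time exceeded"}
UNREACHABLE_CODES = {0: "net unreachable", 1: "host unreachable",
                     2: "protocol unreachable", 3: "port unreachable"}

LINE_RE = re.compile(
    r"^FWIN,(?P<date>[^,]+),(?P<time>[^,]+),(?P<src>[^:]+):\d+,(?P<dst>[^:]+):\d+,"
    r"ICMP \(type:(?P<type>\d+)/subtype:(?P<code>\d+)\)$")

def parse_icmp_events(log_text):
    """Return one dict per inbound ICMP line; non-ICMP lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        t, c = int(m["type"]), int(m["code"])
        events.append({"src": m["src"], "dst": m["dst"], "type": t, "code": c,
                       "name": ICMP_TYPES.get(t, "other"),
                       "detail": UNREACHABLE_CODES.get(c, "") if t == 3 else ""})
    return events

def classify(event):
    """Distinguish error replies to our own traffic from unsolicited probes."""
    if event["type"] in (3, 11):
        # Error messages quote the header of a packet *we* sent; the NAT router
        # forwards them to the internal host that sent it (the thread's case).
        return "error reply to own traffic"
    if event["type"] == 8:
        return "unsolicited probe"
    return "other"

def summarize(log_text):
    # Map each external source address to the classes of ICMP it sent us.
    summary = {}
    for ev in parse_icmp_events(log_text):
        summary.setdefault(ev["src"], set()).add(classify(ev))
    return summary
```

Running `summarize(SAMPLE_LOG)` shows the type 3/code 3 source only ever sending error replies, which is what a response to the host's own outbound (e.g. P2P UDP) traffic looks like, while the echo request source stands out as a probe worth a second look.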

There are many types of ICMPs. Ping is only one (actually ping is composed of icmp echo and icmp echo reply). Your firewall is NOT blocking all ICMP types. In fact you should not, you will have problems if you do. ICMP type 3 subtype 3 is icmp "destination unreachable port unreachable". This happens when you send a packet to an IP address and the server is not running a server on that port.

In short it is perfectly normal.

Michael

Michael J. Pelletier

Incoming or outgoing?

Taj Kazinga

It is an ICMP message from an external machine saying 'destination unreachable, Port unreachable'. This means that you tried to connect to the particular service on the external machine and this machine informs you that your connection attempt has failed.

Do you use P2P?

Nonsense.

*Your* *internal* *box* gets informed by the external box via an ICMP message that *your* *attempt* to connect the external box failed.

How far has it come that such useful ICMP messages, that are a sign of totally normal network behavior, are regarded as a threat? It is correct that your router forwards such messages to the internal box that tried to connect to the external service/machine, and it is a sign of a totally braindead ZA that it misinterprets such messages.

Wolfgang

Wolfgang Kueter
