Unable to block ICMP echo_reply in iptables

  • Unable to block ICMP echo_reply in iptables

    Didn't know where else this belonged to, but anyway...

    Was playing around with iptables and decided to configure the firewall to block all echo reply requests using the following command:

    Code:
    iptables --insert INPUT 1 -p icmp --icmp-type echo-reply -j REJECT
    iptables thus shows the following:

    Code:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    REJECT     icmp --  anywhere             anywhere             icmp echo-reply reject-with icmp-port-unreachable
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    REJECT     icmp --  anywhere             anywhere             icmp echo-reply reject-with icmp-port-unreachable
    But when performing a port scan from ShieldsUP! the probing fails with the following remarks:

    Code:
    ----------------------------------------------------------------------
    
    GRC Port Authority Report created on UTC: 2013-07-23 at 12:32:25
    
    Results from scan of ports: 0-1055
    
        0 Ports Open
        0 Ports Closed
     1056 Ports Stealth
    ---------------------
     1056 Ports Tested
    
    ALL PORTS tested were found to be: STEALTH.
    
    TruStealth: FAILED - ALL tested ports were STEALTH,
                       - NO unsolicited packets were received,
                       - A PING REPLY (ICMP Echo) WAS RECEIVED.
    
    ----------------------------------------------------------------------
    And yet iptables claims that echo-reply is supposed to be rejected. What am I doing wrong?

  • #2
    Might want to try drop instead of reject.



    • #3
      Originally posted by curaga:
      Might want to try drop instead of reject.
      No dice, -j DROP still fails the probe.

      Any other suggestions?



      • #4
        Another thought would be that you're trying to block an outgoing packet on the input. Isn't it so that echo requests come in, and echo replies go out?



        • #5
          Originally posted by curaga:
          Another thought would be that you're trying to block an outgoing packet on the input. Isn't it so that echo requests come in, and echo replies go out?
          Took your suggestion and tried blocking echo-request and echo-reply on both INPUT and OUTPUT but no dice; probe still fails:

          Code:
          Chain INPUT (policy ACCEPT)
          target     prot opt source               destination         
          REJECT     icmp --  anywhere             anywhere             icmp echo-request reject-with icmp-port-unreachable
          REJECT     icmp --  anywhere             anywhere             icmp echo-reply reject-with icmp-port-unreachable
          ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
          ACCEPT     icmp --  anywhere             anywhere            
          ACCEPT     all  --  anywhere             anywhere            
          ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
          REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
          
          Chain FORWARD (policy ACCEPT)
          target     prot opt source               destination         
          REJECT     icmp --  anywhere             anywhere             icmp echo-request reject-with icmp-port-unreachable
          REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
          
          Chain OUTPUT (policy ACCEPT)
          target     prot opt source               destination         
          REJECT     icmp --  anywhere             anywhere             icmp echo-request reject-with icmp-port-unreachable
          REJECT     icmp --  anywhere             anywhere             icmp echo-reply reject-with icmp-port-unreachable
          Code:
          ----------------------------------------------------------------------
          
          GRC Port Authority Report created on UTC: 2013-07-24 at 12:27:05
          
          Results from scan of ports: 0-1055
          
              0 Ports Open
              0 Ports Closed
           1056 Ports Stealth
          ---------------------
           1056 Ports Tested
          
          ALL PORTS tested were found to be: STEALTH.
          
          TruStealth: FAILED - ALL tested ports were STEALTH,
                             - NO unsolicited packets were received,
                             - A PING REPLY (ICMP Echo) WAS RECEIVED.
          
          ----------------------------------------------------------------------



          • #6
            With drop of course. Reject still sends a response, wrong if you want to play dead.



            • #7
              Originally posted by curaga:
              With drop of course. Reject still sends a response, wrong if you want to play dead.
              Tried that too but probe still fails:

              Code:
              Chain INPUT (policy ACCEPT)
              target     prot opt source               destination         
              DROP       icmp --  anywhere             anywhere             icmp echo-request
              DROP       icmp --  anywhere             anywhere             icmp echo-reply
              ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
              ACCEPT     icmp --  anywhere             anywhere            
              ACCEPT     all  --  anywhere             anywhere            
              ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
              REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
              
              Chain FORWARD (policy ACCEPT)
              target     prot opt source               destination         
              DROP       icmp --  anywhere             anywhere             icmp echo-request
              DROP       icmp --  anywhere             anywhere             icmp echo-reply
              REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
              
              Chain OUTPUT (policy ACCEPT)
              target     prot opt source               destination         
              DROP       icmp --  anywhere             anywhere             icmp echo-request
              DROP       icmp --  anywhere             anywhere             icmp echo-reply
              Code:
              ----------------------------------------------------------------------
              
              GRC Port Authority Report created on UTC: 2013-07-25 at 12:26:57
              
              Results from scan of ports: 0-1055
              
                  0 Ports Open
                  0 Ports Closed
               1056 Ports Stealth
              ---------------------
               1056 Ports Tested
              
              ALL PORTS tested were found to be: STEALTH.
              
              TruStealth: FAILED - ALL tested ports were STEALTH,
                                 - NO unsolicited packets were received,
                                 - A PING REPLY (ICMP Echo) WAS RECEIVED.
              
              ----------------------------------------------------------------------
              Any other suggestions? This is starting to become a bit of a pain.



              • #8
                I don't have any other suggestions, other than stop using that site and use your own ping from another machine. If you can't debug the other side it's going to be hard.

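The check post #8 is pointing at, written out as an added example (not code from anyone in the thread): instead of trusting the scanner's verdict, read the packet counters of the ICMP DROP rules before and after pinging the host from another machine. If the counter moves, the host is dropping the echo-requests and whatever reply the scanner sees is not coming from this host; if it does not move, the rule is not on the packet's path. The `iptables -vnL INPUT` listing embedded here is constructed so the script runs offline; the rule layout mirrors the DROP rules shown in post #7.

```shell
#!/bin/sh
# Added example, not from the thread: check from the host itself whether the
# ICMP DROP rules are matching, using the per-rule packet counters that
# `iptables -vnL INPUT` prints. Read the counter, send a known number of pings
# from another machine (as post #8 suggests), read it again, then compare.
# The listing below is constructed for offline use; on a real host replace it
# with the output of:  iptables -vnL INPUT

SAMPLE_COUNTERS='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   336 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0
  120 12000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED'

# icmp_rule_pkts <listing> <icmp-type-number>
# Prints the packet counter of the first DROP rule for that ICMP type
# (8 = echo-request, 0 = echo-reply), or -1 if the chain has no such rule.
icmp_rule_pkts() {
    printf '%s\n' "$1" | awk -v n="$2" '
        $3 == "DROP" && $4 == "icmp" && $(NF-1) == "icmptype" && $NF == n {
            print $1; found = 1; exit
        }
        END { if (!found) print -1 }'
}

# diagnose <pkts-before> <pkts-after>
# Exit status: 0 = rule matched the test pings, 1 = rule saw nothing,
# 2 = no such rule. The message says what each outcome means for the scan result.
diagnose() {
    if [ "$1" -lt 0 ]; then
        echo "no DROP rule for that ICMP type in INPUT"
        return 2
    elif [ "$2" -gt "$1" ]; then
        echo "rule matched $(($2 - $1)) packets: this host drops them, so a reply seen by an outside scanner is coming from something else on the path (a router in front of the host, for instance)"
        return 0
    fi
    echo "rule matched nothing: the packets never reach this rule (check chain order and interface, or whether they reach the host at all)"
    return 1
}

# Demonstration: a "before" reading of 0 and the constructed listing as "after".
diagnose 0 "$(icmp_rule_pkts "$SAMPLE_COUNTERS" 8)"
```

On a live host, run `icmp_rule_pkts "$(iptables -vnL INPUT)" 8` before and after `ping -c 5 <host>` from the other machine and feed the two numbers to `diagnose`.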
