Something nasty in the Net shed..

I got hit TWICE in $ DAYS fr a 'top up' as I had 'exceeded my quota'

How, I thought, could I have managed to download 2GB in just two days?


When I wasn't even ON the machine most of the time..watching the rugby,
doing the garden...

Hmm. what does the router say? Cripes! 3 million packets!

What else does it say..?

A series of echo storm attack for most of sunday afternoon and evening.

What does my ISP say? (Clara) 'tough' ..well not in so many words..

Can I stop the DSL-504 from responding to pings? apparently not. Bugger
bugger bugger. The firewall only works on stuff that is being passed
through it.

Not bounced off it.

Anyone know a wired DSL router that will block incoming pings, but let
me ping out?

And still let me firewall on an incoming basis? the last one I set up
(Belkin I think) only firewalled OUTGOING stuff, Once you had incoming
on, anyone on any IP address could get in that way..

Normal NAT bollocks of course..

> Can I stop the DSL-504 from responding to pings? apparently not. Bugger
> bugger bugger. The firewall only works on stuff that is being passed
> through it.
> Not bounced off it.

Can you simply forward them to an unused internal IP address ?

On Mon, 10 Mar 2008 19:21:01 +0000, The Natural Philosopher wrote:

> Anyone know a wired DSL router that will block incoming pings, but let
> me ping out?

Zyxel Prestige 660H. Solid, sensibly priced router.

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
21:22:35 up 15 days, 5:14, 2 users, load average: 0.02, 0.09, 0.13
Convergence, n: The act of using separate DSL circuits for voice and data

"The Natural Philosopher" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I got hit TWICE in $ DAYS fr a 'top up' as I had 'exceeded my quota'
>
> How, I thought, could I have managed to download 2GB in just two days?
>
>
> When I wasn't even ON the machine most of the time..watching the rugby,
> doing the garden...
>
> Hmm. what does the router say? Cripes! 3 million packets!
>
> What else does it say..?
>
> A series of echo storm attack for most of sunday afternoon and evening.
>
> What does my ISP say? (Clara) 'tough' ..well not in so many words..
>
> Can I stop the DSL-504 from responding to pings? apparently not. Bugger
> bugger bugger. The firewall only works on stuff that is being passed
> through it.
>
> Not bounced off it.
>
> Anyone know a wired DSL router that will block incoming pings, but let me
> ping out?
>
> And still let me firewall on an incoming basis? the last one I set up
> (Belkin I think) only firewalled OUTGOING stuff, Once you had incoming on,
> anyone on any IP address could get in that way..
>
> Normal NAT bollocks of course..



It depends on how you are being billed.
If you are being charged for download, then there's nothing you can do at
your end.
The packet has gone through the meter at the ISP's end, and been clocked
down your line, before it hits any firewalling at your end. By then it's
too late. It's been charged for.

By not responding to the pings, you can prevent the upload responses, if you
are billed for them.

On the DSL-504 ( which I have here, but I use a no-nat config with a
seperate firewall ), how about:

Configuration -> Advanced Filtering and Firewall;
Create a rule to block ICMP:

Select Index to Set: 1 ( or whatever )
Item Name: Pings ( or call it whatever you want )
State: Enabled
Pass or block: Block
Interface: ISP1 ( or whatever the WAN interface is called )
Protocol: ICMP
Leave all the addresses / masks set to zero as per default.
Hit 'Add'.

See how that works.

--
Ron

On 10/03/2008 21:07, Colin Wilson wrote:
>> Can I stop the DSL-504 from responding to pings? apparently not. Bugger
>> bugger bugger. The firewall only works on stuff that is being passed
>> through it.
>> Not bounced off it.
>
> Can you simply forward them to an unused internal IP address ?

That'll send most likely send ICMP host unreachables back to the source,
what is required is to silently drop inbound ICMP echo requests, and
allow outbound requests and inbound replies.

In message <47d5a6ef$0$514$(E-Mail Removed)>, alexd
<(E-Mail Removed)> writes
>On Mon, 10 Mar 2008 19:21:01 +0000, The Natural Philosopher wrote:
>
>> Anyone know a wired DSL router that will block incoming pings, but let
>> me ping out?
>
>Zyxel Prestige 660H. Solid, sensibly priced router.
>
If you want to go retro, Efficient networks or Siemens 5861, 5830. Solid
as a rock (PSU not withstanding) and extremely cheap on eBay etc. as
most people are getting rid for wireless. 5861 has 4 port 10MBps hub and
5830 has 4 port 100MBps
--
Clint Sharp

"The Natural Philosopher" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I got hit TWICE in $ DAYS fr a 'top up' as I had 'exceeded my quota'
>
> How, I thought, could I have managed to download 2GB in just two days?
>
>
> When I wasn't even ON the machine most of the time..watching the rugby,
> doing the garden...
>
> Hmm. what does the router say? Cripes! 3 million packets!
>
> What else does it say..?
>
> A series of echo storm attack for most of sunday afternoon and evening.
>
> What does my ISP say? (Clara) 'tough' ..well not in so many words..
>
> Can I stop the DSL-504 from responding to pings? apparently not. Bugger
> bugger bugger. The firewall only works on stuff that is being passed
> through it.
>
> Not bounced off it.
>
> Anyone know a wired DSL router that will block incoming pings, but let me
> ping out?
>
> And still let me firewall on an incoming basis? the last one I set up
> (Belkin I think) only firewalled OUTGOING stuff, Once you had incoming on,
> anyone on any IP address could get in that way..
>
> Normal NAT bollocks of course..

On much the same topic, a friend has an account with Metronet, who show
usage on a daily basis. Friend was very confused to see a small daily
amount logged over the Christmas period, when she was away and the router
was switched off !!!!

How can the ISP count packets out to a router which is switched off?

Or is this Metronet confusing two different customers?

--
Graham J

Colin Wilson wrote:
>> Can I stop the DSL-504 from responding to pings? apparently not.
>> Bugger bugger bugger. The firewall only works on stuff that is
>> being passed through it.
>> Not bounced off it.
>
> Can you simply forward them to an unused internal IP address ?

That way any router can work, or should that be any router can work it
that way, I dunno, I'm tired but you're spot ont...

Colin Wilson wrote:
>> Can I stop the DSL-504 from responding to pings? apparently not. Bugger
>> bugger bugger. The firewall only works on stuff that is being passed
>> through it.
>> Not bounced off it.
>
> Can you simply forward them to an unused internal IP address ?

I dont think so....only TCP/UDP traffic seems to be forwardable..

alexd wrote:
> On Mon, 10 Mar 2008 19:21:01 +0000, The Natural Philosopher wrote:
>
>> Anyone know a wired DSL router that will block incoming pings, but let
>> me ping out?
>
> Zyxel Prestige 660H. Solid, sensibly priced router.
>

Ta..I'll look into that.