Date: Sun, 10 Sep 2000 12:21:38 -0500 (CDT)
From: Dan Debertin
To: Emmanuel Gravel
Cc: freebsd-net@freebsd.org
Subject: Re: Strange TTL Exceeded messages
In-Reply-To: <200009101707.KAA06851@falcon.prod.itd.earthlink.net>

On Sun, 10 Sep 2000, Emmanuel Gravel wrote:

> Knowing I shouldn't have much (any) traffic on my system I ran ethereal
> overnight to see what my firewall could and couldn't catch. Apart from the
> usual queries on ports 139 and 137, I saw something strange. I received
> about 20 TTL Exceeded messages from a host I never sent any info to
> (according to the ethereal log) just past 3 this morning.

Somebody (possibly you) was using traceroute. It uses ICMP
TTL-exceeded-in-transit and destination-unreachable messages to do its work
(I won't explain how traceroute works here, but read any good TCP/IP book
for more info).

>
> I tried nslookup on the host and it doesn't seem to exist. I tried pinging the
> host and it doesn't seem to be up. The IP of that host is 10.254.3.2.

Anything 10.x.x.x/8 is an RFC 1918 reserved network number; it is
non-routable on the Internet at large. Therefore, it isn't surprising that
you would be unable to ping it.

~Dan D.
--
Senior Systems Administrator
Bitstream Underground, LLC
airboss@bitstream.net
(612)321-9290
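An added example, not part of the original message: an ICMP Time Exceeded message quotes the IP header and first 8 payload bytes of the packet that expired, so a capture can show which probe triggered it and whether the reporting hop is an RFC 1918 address. The function names, the documentation addresses 192.0.2.10 and 198.51.100.7, and the sample packet are assumptions constructed for illustration; only 10.254.3.2 comes from the thread.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_time_exceeded(packet: bytes):
    """Decode a raw IPv4 packet carrying ICMP type 11; return a dict, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:  # IP protocol 1 = ICMP
        return None
    if packet[ihl] != 11:  # ICMP type 11 = Time Exceeded
        return None
    # After the 8-byte ICMP header comes the expired packet's IP header + first 8 payload bytes.
    inner = packet[ihl + 8:]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    reporter = ipaddress.ip_address(packet[12:16])
    info = {
        "reporter": str(reporter),
        "reporter_rfc1918": any(reporter in net for net in RFC1918),
        "code": packet[ihl + 1],  # 0 = TTL exceeded in transit
        "orig_src": str(ipaddress.ip_address(inner[12:16])),
        "orig_dst": str(ipaddress.ip_address(inner[16:20])),
        "orig_proto": inner[9],
        "orig_dport": None,
    }
    l4 = inner[inner_ihl:inner_ihl + 4]
    if inner_ihl >= 20 and inner[9] in (6, 17) and len(l4) == 4:  # TCP/UDP: ports come first
        info["orig_dport"] = struct.unpack("!HH", l4)[1]
    return info

def _ipv4(src, dst, proto, payload, ttl):
    """Build a minimal IPv4 packet for the constructed sample (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + payload

# Constructed sample: a UDP probe from 192.0.2.10 expiring at 10.254.3.2 (the address in the post).
PROBE = _ipv4("192.0.2.10", "198.51.100.7", 17, struct.pack("!HHHH", 40000, 33435, 8, 0), 1)
SAMPLE = _ipv4("10.254.3.2", "192.0.2.10", 1, struct.pack("!BBHI", 11, 0, 0, 0) + PROBE, 250)

if __name__ == "__main__":
    print(parse_time_exceeded(SAMPLE))
```

If `orig_src` is one of your own addresses, a packet bearing that source address expired at the reporting hop; `orig_dst` and `orig_dport` show where it was headed.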