From owner-freebsd-security Fri Oct 29 15:43:12 1999 Delivered-To: freebsd-security@freebsd.org Received: from astralblue.com (adsl-209-76-108-39.dsl.snfc21.pacbell.net [209.76.108.39]) by hub.freebsd.org (Postfix) with ESMTP id EE255155AA for ; Fri, 29 Oct 1999 15:43:09 -0700 (PDT) (envelope-from ab@astralblue.com) Received: from localhost (ab@localhost) by astralblue.com (8.9.3/8.9.3) with SMTP id PAA58044; Fri, 29 Oct 1999 15:43:01 -0700 (PDT) (envelope-from ab@astralblue.com) Date: Fri, 29 Oct 1999 15:43:01 -0700 (PDT) From: "Eugene M. Kim" To: Beck David Cc: FreeBSD Security Mailing List Subject: RE: Strange things on my computer / Help In-Reply-To: <1BD5A68BE9E8D211BBE8006094B9EB73E97F@netfinity.freesoft.hu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 29 Oct 1999, Beck David wrote: | | Beck David writes: | > - but the kernel complains in every 10 minutes for some _out_ going | > ICMP packets, which goes to two hosts. I am absolutely sure | > that nor me nor any of my programs has nothing to do with that hosts | | What kind of ICMP packets? Could you set up a sniffer to capture those | packets? (tcpdump will do). They may be completely benign (e.g. | ICMP_UNREACH or ICMP_TIMXCEED) | | ----------- | - The ICMP type is 3.3: port unreachable An ICMP 3.3 packet is usually generated when someone tries to reach a UDP port for which there is no listener running on your host. Not sure if your version of FreeBSD supports it, but if you turn on `log in vain' feature (add log_in_vain=YES to /etc/rc.conf) a kernel message is generated for each failed TCP/UDP connection attempt. Hope this helped, Eugene -- Eugene M. Kim "Is your music unpopular? Make it popular; make music which people like, or make people who like your music." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message