Date: Mon, 19 Feb 2001 14:55:32 +1100
From: Tony Landells <ahl@austclear.com.au>
To: John Indra <john@office.naver.co.id>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: What does "icmp redirect" mean?
Message-ID: <200102190355.OAA02453@tungsten.austclear.com.au>
In-Reply-To: Your message of "Mon, 19 Feb 2001 10:07:23 +0700." <20010219100723.A88821@office.naver.co.id>

> Hi all...
>
> I have this line in my /etc/rc.conf:
> icmp_log_redirect="YES"
>
> One day, I saw this in my daily crontab run message:
> icmp redirect from 1.2.3.4: 2.3.4.5 => 2.3.4.5
>
> What does it mean?

Well, it would probably look more sensible if you put in the real IP
addresses and something of your network topology...

An ICMP redirect is an indication that you sent a packet to the wrong
place, and you could have sent it to the right place. For example,
consider this setup:

                192.168.1.0/24
  -------------------------------------------
      |                 |                |
     1|                 |100             |200
    -----             -----            -----
     PC              router           router
                      -----            -----
                        |100           | | |
                        |
                 --------------        -----
                 192.168.2.0/24  Lots of networks

For simplicity, you just set a default route on the PC that points to
192.168.1.200, which is a router connected to lots of networks, but not
192.168.2.0/24.

When the PC tries to talk to 192.168.2.5, it realises the address is not
local and sends the packet to the default router. The router at
192.168.1.200 looks at it, and realises that the best route is back the
way the packet came in, and sends it to 192.168.1.100. In addition,
192.168.1.200 figures you don't know 192.168.1.100 is the gateway to
192.168.2.0, so it sends an ICMP redirect which says "you sent this
packet to me, but you should be able to talk to the correct gateway
which is 192.168.1.100". Basically it's trying to avoid unnecessary
handling.

In many cases people prefer to have most systems with just a default
route, which is why you don't even necessarily want to log ICMP
redirects. However, an attacker could inject ICMP redirects into your
network to get you to send traffic somewhere it shouldn't go (like his
PC), so many people like to configure "sensitive" systems to ignore ICMP
redirects, and to have them logged in various places on their network.

Cheers,
Tony
--
Tony Landells                           <ahl@austclear.com.au>
Senior Network Engineer                 Ph:  +61 3 9677 9319
Australian Clearing Services Pty Ltd    Fax: +61 3 9677 9355
Level 4, Rialto North Tower
525 Collins Street
Melbourne VIC 3000
Australia
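
The logging described in the reply above can feed a simple check; this is an added example, not part of the original message or of FreeBSD. It assumes the three fields of the log line are the redirect's sender, the destination, and the new gateway, and applies the two acceptance tests from RFC 1122 (the sender is the host's current first-hop gateway, the new gateway is on the connected network) to the example topology; the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# Assumed field order of the logged line: sender, destination, new gateway.
LINE_RE = re.compile(
    r"icmp redirect from (?P<sender>[\d.]+): "
    r"(?P<dest>[\d.]+) => (?P<gateway>[\d.]+)"
)


def check_redirect(line, known_gateways, local_net):
    """Return (fields, reasons) for a redirect log line, or None if it is not one.

    An empty reasons list means the redirect passes both RFC 1122 tests.
    """
    m = LINE_RE.search(line)
    if m is None:
        return None
    try:
        fields = {k: ipaddress.ip_address(v) for k, v in m.groupdict().items()}
    except ValueError:
        return None  # right shape, but not valid addresses
    net = ipaddress.ip_network(local_net)
    gateways = {ipaddress.ip_address(g) for g in known_gateways}
    reasons = []
    if fields["sender"] not in gateways:
        reasons.append("sender is not a gateway this host uses")
    if fields["gateway"] not in net:
        reasons.append("new gateway is not on the local network")
    return fields, reasons


def suspicious_lines(lines, known_gateways, local_net):
    """Collect (line, reasons) for every redirect that fails a test."""
    flagged = []
    for line in lines:
        result = check_redirect(line, known_gateways, local_net)
        if result is not None and result[1]:
            flagged.append((line, result[1]))
    return flagged


# Constructed sample lines for the PC at 192.168.1.1 in the topology above.
SAMPLE = [
    "icmp redirect from 192.168.1.200: 192.168.2.5 => 192.168.1.100",  # the case in the mail
    "icmp redirect from 192.168.1.57: 192.168.2.5 => 192.168.1.57",    # sender is not a router
    "icmp redirect from 192.168.1.200: 192.168.2.5 => 10.9.9.9",       # gateway is off-link
    "some unrelated log line",
]

if __name__ == "__main__":
    for line, reasons in suspicious_lines(SAMPLE, ["192.168.1.200"], "192.168.1.0/24"):
        print(line, "->", "; ".join(reasons))
```
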