Date: Mon, 14 Sep 1998 09:07:40 +0100 (BST)
From: Jay Tribick <netadmin@fastnet.co.uk>
To: security@FreeBSD.ORG
Subject: Re: odd icmp packet
Message-ID: <Pine.BSF.3.96.980914090537.14349B-100000@bofh.fast.net.uk>
In-Reply-To: <Pine.BSF.3.96.980914154959.300B-100000@aniwa.sky>

| I monitor odd packets on broadcast channels, and this turned up in my
| logs:
|
| Sep 14 14:57:55 dawn /kernel: ipfw: 60100 Accept ICMP:11.0 xxx.xx.xx.xx
| 255.255.255.255 in via de0
|
| xxx.xx.xx.xx is not on my subnet, but the machine which recorded this is
| not behind a firewall except in so far as it runs its own filters
|
| ICMP:11.0 indicates time exceeded in transit. Can someone explain what
| might have caused this.
|
| Am I correct in thinking that because ICMP packets do not generate
| responses this does not have DoS relevance?

Not really, an ICMP ping flood is quite a substantial way of DoS'ing
someone and tends to eat up all the bandwidth on a modem connection -
depending upon the source of the ICMPs you could quite easily saturate
a [T|E]1 or higher. It's often used on the IRC networks when someone's
trying to flood someone else off.

You're right in thinking that a Time Exceeded in Transit can't cause a
DoS though (although someone's bound to prove me wrong ;)

Regards,

Jay Tribick <netadmin@fastnet.co.uk>
--
[| Network Admin | FastNet International | http://fast.net.uk/ |]
[| Finger netadmin@fastnet.co.uk for contact info & PGP PubKey |]
[| +44 (0)1273 T: 677633 F: 621631 e: netadmin@fast.net.uk |]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
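
Added example, not part of the original message: a small Python parser for ipfw ICMP log lines in the layout quoted above, which decodes the type.code pair and notes ICMP error messages addressed to the limited broadcast address. The sample lines are constructed (the masked source is replaced by a documentation address), and the function and field names are assumptions of this example.

```python
import re

# ICMP error types (RFC 792); errors answer one sender, so they are unicast.
ICMP_ERRORS = {3: "destination unreachable", 4: "source quench",
               5: "redirect", 11: "time exceeded", 12: "parameter problem"}
ICMP_QUERIES = {0: "echo reply", 8: "echo request"}
TIME_EXCEEDED_CODES = {0: "TTL exceeded in transit",
                       1: "fragment reassembly time exceeded"}

# Layout of the ipfw log line quoted in the message:
#   ipfw: <rule> <action> ICMP:<type>.<code> <src> <dst> in|out via <iface>
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) ICMP:(?P<type>\d+)\.(?P<code>\d+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)")

def parse_icmp_log(line):
    """Return a dict for an ipfw ICMP log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    icmp_type, code = int(m["type"]), int(m["code"])
    if icmp_type == 11:
        name = TIME_EXCEEDED_CODES.get(code, "time exceeded (unknown code)")
    else:
        name = ICMP_ERRORS.get(icmp_type) or ICMP_QUERIES.get(icmp_type, "other")
    notes = []
    if m["dst"] == "255.255.255.255":
        notes.append("destination is the limited broadcast address")
        if icmp_type in ICMP_ERRORS:
            notes.append("ICMP error message addressed to broadcast")
    return {"rule": int(m["rule"]), "action": m["action"], "type": icmp_type,
            "code": code, "name": name, "src": m["src"], "dst": m["dst"],
            "iface": m["iface"], "notes": notes}

# Constructed sample input: the first line follows the one in the message, with
# the masked source replaced by a documentation address (192.0.2.10).
SAMPLE = [
    "Sep 14 14:57:55 dawn /kernel: ipfw: 60100 Accept ICMP:11.0 192.0.2.10 255.255.255.255 in via de0",
    "Sep 14 14:58:02 dawn /kernel: ipfw: 60100 Accept ICMP:8.0 192.0.2.10 198.51.100.7 in via de0",
    "Sep 14 14:58:09 dawn /kernel: ipfw: 60200 Deny TCP 192.0.2.10:1025 198.51.100.7:23 in via de0",
]

if __name__ == "__main__":
    for entry in filter(None, map(parse_icmp_log, SAMPLE)):
        print(entry["src"], "->", entry["dst"], entry["name"], entry["notes"])
```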