From owner-freebsd-security Mon Nov 15 5:32:24 1999
Delivered-To: freebsd-security@freebsd.org
Received: from sanson.reyes.somos.net (freyes.static.inch.com [207.240.212.43]) by hub.freebsd.org (Postfix) with ESMTP id BE92914DA4 for ; Mon, 15 Nov 1999 05:32:10 -0800 (PST) (envelope-from fran@reyes.somos.net)
Received: from tomasa (tomasa.reyes.somos.net [10.0.0.11]) by sanson.reyes.somos.net (8.9.3/8.9.3) with SMTP id IAA75221; Mon, 15 Nov 1999 08:29:30 -0500 (EST) (envelope-from fran@reyes.somos.net)
Message-Id: <199911151329.IAA75221@sanson.reyes.somos.net>
From: "Francisco Reyes"
To: "Vladimir Dubrovin"
Cc: "freebsd-security@FreeBSD.ORG"
Date: Mon, 15 Nov 1999 08:26:51 -0500
Reply-To: "Francisco Reyes"
X-Mailer: PMMail 98 Professional (2.01.1600) For Windows 98 (4.10.1998)
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: Is this an attack? ICMP packets coming from my own IP
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 15 Nov 1999 15:03:22 +0300, Vladimir Dubrovin wrote:

>F> Is this some form of attack?
>
>It's your ping of your own machine. icmp:0.0 is ping request icmp:0.8
>is ping reply. As you can see every packet is both in and out.

I don't remember pinging myself, but I guess I could have.
Besides ping, what else goes over ICMP?

The reason I was looking at this is that in the log there were numerous ICMP packets from last night and early morning. They also don't match the 0.0 and 0.8 you described from ping.

ipfw: 3100 Accept ICMP:0.0 204.71.200.245 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.3 216.145.30.3 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.13 155.232.17.2 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.3 16.1.0.18 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.3 204.123.2.18 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.3 209.192.217.104 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.1 144.232.9.142 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.3 207.240.212.43 207.240.140.102 out via tun0

Any place I could read about ICMP packets? A search in Google found mostly info from a list archive. I will go over those messages tonight.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
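
The type.code pairs in the ipfw lines above can be decoded against the ICMP assignments in RFC 792 and RFC 1812. The following Python is an added example, not part of the original message; it assumes the log field is `ICMP:type.code` followed by source, destination and direction, and its function names are illustrative.

```python
import re
from collections import Counter

# ICMP type names (RFC 792) and destination-unreachable codes (RFC 792, RFC 1812).
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 4: "source quench",
              5: "redirect", 8: "echo request", 11: "time exceeded"}
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable", 2: "protocol unreachable",
                 3: "port unreachable", 4: "fragmentation needed and DF set",
                 13: "communication administratively prohibited"}
ERROR_TYPES = {3, 4, 5, 11, 12}  # error messages, sent in reaction to another packet

# Assumed layout: "ipfw: <rule> <action> ICMP:<type>.<code> <src> <dst> <in|out> via <if>"
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) ICMP:(?P<type>\d+)\.(?P<code>\d+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)")

def describe(icmp_type, code):
    # Codes are only expanded for type 3, the type that dominates this log.
    name = ICMP_TYPES.get(icmp_type, f"type {icmp_type}")
    if icmp_type == 3:
        name += ": " + UNREACH_CODES.get(code, f"code {code}")
    return name

def parse(log_text):
    """Extract every ICMP entry, whether or not each sits on its own line."""
    events = []
    for m in LINE_RE.finditer(log_text):
        t, c = int(m["type"]), int(m["code"])
        events.append({"src": m["src"], "dst": m["dst"], "dir": m["dir"],
                       "is_error": t in ERROR_TYPES, "meaning": describe(t, c)})
    return events

def summarize(events):
    return Counter((e["dir"], e["meaning"]) for e in events)  # per direction and meaning

# The eight log lines quoted in the message above.
SAMPLE = """\
ipfw: 3100 Accept ICMP:0.0 204.71.200.245 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.3 216.145.30.3 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.13 155.232.17.2 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.3 16.1.0.18 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.3 204.123.2.18 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.3 209.192.217.104 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.1 144.232.9.142 207.240.212.43 in via tun0
ipfw: 3100 Accept ICMP:3.3 207.240.212.43 207.240.140.102 out via tun0
"""

if __name__ == "__main__":
    for (direction, meaning), n in summarize(parse(SAMPLE)).most_common():
        print(f"{n:2d}  {direction:3s}  {meaning}")
```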