Date: Mon, 15 Nov 1999 08:26:51 -0500 From: "Francisco Reyes" <fran@reyes.somos.net> To: "Vladimir Dubrovin" <vlad@sandy.ru> Cc: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG> Subject: Re: Is this an attack? ICMP packets coming from my own IP Message-ID: <199911151329.IAA75221@sanson.reyes.somos.net>
next in thread | raw e-mail | index | archive | help
On Mon, 15 Nov 1999 15:03:22 +0300, Vladimir Dubrovin wrote: >F> Is this some form of attack? > >It's your ping of your own machine. icmp:0.0 is ping request icmp:0.8 >is ping reply. As you can see every packet is both in and out. I don't remember pinging myself, but I guess I could have. Besides ping what else goes over ICMP. The reason I was looking at this, is that in the log there were numerous ICMP packets from last night and early morning. They also don't match the 0.0 and 0.8 you described from ping. ipfw: 3100 Accept ICMP:0.0 204.71.200.245 207.240.212.43 in via tun0 ipfw: 3100 Accept ICMP:3.3 216.145.30.3 207.240.212.43 in via tun0 ipfw: 3100 Accept ICMP:3.13 155.232.17.2 207.240.212.43 in via tun0 ipfw: 3100 Accept ICMP:3.3 16.1.0.18 207.240.212.43 in via tun0 ipfw: 3100 Accept ICMP:3.3 204.123.2.18 207.240.212.43 in via tun0 ipfw: 3100 Accept ICMP:3.3 209.192.217.104 207.240.212.43 in via tun0 ipfw: 3100 Accept ICMP:3.1 144.232.9.142 207.240.212.43 in via tun0 ipfw: 3100 Accept ICMP:3.3 207.240.212.43 207.240.140.102 out via tun0 Any place I could read about ICMP packets? A search in google found mostly info from a list archive. I will go over those messages tonight.. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911151329.IAA75221>