Date: Sun, 10 Sep 2000 10:07:13 -0700
From: Emmanuel Gravel <egravel@earthlink.net>
To: freebsd-net@freebsd.org
Subject: Strange TTL Exceeded messages
Message-ID: <200009101707.KAA06851@falcon.prod.itd.earthlink.net>

Knowing I shouldn't have much (any) traffic on my system, I ran ethereal overnight to see what my firewall could and couldn't catch. Apart from the usual queries on ports 139 and 137, I saw something strange. I received about 20 TTL Exceeded messages from a host I never sent any info to (according to the ethereal log) just past 3 this morning. I tried nslookup on the host and it doesn't seem to exist. I tried pinging the host and it doesn't seem to be up. The IP of that host is 10.254.3.2. When I did a traceroute, the first message that came up was

<myhostname> natd[132]: failed to write packet back (Permission denied)

yet my firewall logs didn't show anything. I also tried dumbing down the firewall to divert NATD then allow all, with the same results.

Does anyone know of any kind of attack that would use TTL Exceeded messages? What effect would any amount of those messages have on any system (i.e. are there any known attacks and what are their effects)?

Thanks!

Emmanuel
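
A triage sketch for the question above, added here as an example and not part of the original message: an ICMP Time Exceeded message quotes the IP header of the packet that expired, so the quoted source address shows whether that packet claimed to come from your own host. The function names, `MY_ADDRS` and all sample packets are constructed assumptions; only 10.254.3.2 comes from the post.

```python
import ipaddress
import struct

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (constructed sample; checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + payload

def time_exceeded(reporter, victim, quoted):
    """ICMP type 11 code 0: 8-byte ICMP header, then the quoted datagram."""
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + quoted[:28]
    return ipv4(reporter, victim, 1, icmp)

def triage(packet, my_addrs):
    """Classify one raw IPv4 packet taken from a capture."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"verdict": "not-ipv4"}
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 or packet[ihl] != 11:
        return {"verdict": "not-time-exceeded"}
    reporter = ipaddress.ip_address(packet[12:16])
    quoted = packet[ihl + 8:]          # original IP header + first 8 data bytes
    result = {"reporter": str(reporter), "reporter_private": reporter.is_private}
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        return {**result, "verdict": "malformed-quote"}
    src = str(ipaddress.ip_address(quoted[12:16]))
    dst = str(ipaddress.ip_address(quoted[16:20]))
    # The quoted source says who supposedly sent the packet that expired.
    verdict = "matches-own-traffic" if src in my_addrs else "unsolicited"
    return {**result, "quoted_src": src, "quoted_dst": dst, "verdict": verdict}

MY_ADDRS = {"192.0.2.10"}   # assumed local/NAT addresses (documentation range)
# Constructed samples; only 10.254.3.2 comes from the post.
OWN = time_exceeded("10.254.3.2", "192.0.2.10",
                    ipv4("192.0.2.10", "198.51.100.7", 17, b"\x00" * 8))
FOREIGN = time_exceeded("10.254.3.2", "192.0.2.10",
                        ipv4("203.0.113.5", "198.51.100.7", 17, b"\x00" * 8))

if __name__ == "__main__":
    for name, pkt in (("own", OWN), ("foreign", FOREIGN)):
        print(name, triage(pkt, MY_ADDRS))
```

Behind natd, `MY_ADDRS` needs the external address as well, since the quoted header carries the source address as it appeared on the wire where the packet expired.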