Date: Sun, 10 Sep 2000 12:21:38 -0500 (CDT) From: Dan Debertin <airboss@bitstream.net> To: Emmanuel Gravel <egravel@earthlink.net> Cc: freebsd-net@freebsd.org Subject: Re: Strange TTL Exceeded messages Message-ID: <Pine.GSO.4.21.0009101217570.19891-100000@jah.bitstream.net> In-Reply-To: <200009101707.KAA06851@falcon.prod.itd.earthlink.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 10 Sep 2000, Emmanuel Gravel wrote: > Knowing I shouldn't have much (any) traffic on my system I ran ethereal > overnight to see what my firewall could and couldn't catch. Apart from the > usual querries on ports 139 and 137, I saw something strange. I recieved > about 20 TTL Exceeded messages from a host I never sent any info to > (according to the ethereal log) just past 3 this morning. Somebody (possibly you) was using traceroute. It uses ICMP TTL-exceded-in-transit and destination-unreachable messages to do its work (I won't explain how traceroute works here, but read any good TCP/IP book for more info). > > I tried nslookup on the host and it doesn't seem to exist. I tried pining the > host and it doesn't seem to be up. The IP of that host is 10.254.3.2. Anything 10.x.x.x/8 is an rfc1918 reserved network number; It is non-routable on the Internet at large. Therefore, it isn't surprising that you would be unable to ping it. ~Dan D. -- Senior Systems Administrator Bitstream Underground, LLC airboss@bitstream.net (612)321-9290 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.21.0009101217570.19891-100000>