Security: icmp host unreachable

Subject: Security: icmp host unreachable
Date: Tue Apr 10 2001 - 09:22:17 MDT

 I've been checking out network traffic on one of my web servers, and I've
been getting a lot of 'icmp: host unreachable' messages
where host is not part of our network, nor is the
recipient of the icmp message. After doing some research, this seems like
we are potentially being a decoy to port scan host I
installed portsentry in hopes that it would track this down and block the
offenders, but no luck. Since my machine is simply a node and not a hub of
any type, I don't see any reason for it to send these icmp messages. Any
idea on how to stop sending them, or am I just being paranoid? Any info,
links or ideas would be much appreciated.



(More info on the web server here:


Christopher Murtagh Webmaster / Web Communications Group McGill University Montreal, Quebec Canada

This archive was generated by hypermail 2a24 : Tue Apr 10 2001 - 09:24:42 MDT