Security: icmp host unreachable


Subject: Security: icmp host unreachable
christopher.murtagh@wcg.mcgill.ca
Date: Tue Apr 10 2001 - 09:22:17 MDT


I've been checking out network traffic on one of my web servers, and I've
been getting a lot of 'icmp: host xxx.xxx.xxx.xxx unreachable' messages
where host xxx.xxx.xxx.xxx is not part of our network, nor is the
recipient of the icmp message. After doing some research, this seems like
we are potentially being a decoy to port scan host xxx.xxx.xxx.xxx. I
installed portsentry in hopes that it would track this down and block the
offenders, but no luck. Since my machine is simply a node and not a hub of
any type, I don't see any reason for it to send these icmp messages. Any
idea on how to stop sending them, or am I just being paranoid? Any info,
links or ideas would be much appreciated.

Cheers,

Chris

(More info on the web server here: http://www.mcgill.ca/secretaboutbox/)

-- 

Christopher Murtagh
Webmaster / Web Communications Group
McGill University
Montreal, Quebec
Canada


