Re: Security: icmp host unreachable


Subject: Re: Security: icmp host unreachable
From: Hollis R Blanchard (hollis+@andrew.cmu.edu)
Date: Tue Apr 10 2001 - 10:40:03 MDT


On Tue, 10 Apr 2001 christopher.murtagh@wcg.mcgill.ca wrote:
>
> I've been checking out network traffic on one of my web servers, and I've
> been getting a lot of 'icmp: host xxx.xxx.xxx.xxx unreachable' messages
> where host xxx.xxx.xxx.xxx is not part of our network, nor is the
> recipient of the icmp message. After doing some research, this seems like
> we are potentially being a decoy to port scan host xxx.xxx.xxx.xxx.

That sounds reasonable.

> I installed portsentry in hopes that it would track this down and block the
> offenders, but no luck. Since my machine is simply a node and not a hub of
> any type, I don't see any reason for it to send these icmp messages. Any
> idea on how to stop sending them, or am I just being paranoid? Any info,
> links or ideas would be much appreciated.

Well, some bad computer somewhere is sending pings to host xxx.xxx.xxx.xxx
somewhere else (and spoofing their source IP to pretend they're you). So there
isn't much you can do about that, aside from possibly contacting the admins of
xxx.xxx.xxx.xxx. Of course, if they're being ping flooded they probably know
it already.

-Hollis
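
Added example, not part of the original post: an ICMP destination-unreachable message quotes the IP header of the packet that triggered it (RFC 792), so a capture of these messages can be checked for whether the quoted packet claims your address as its source and whether you ever sent anything to that destination. The function names, the `sent_to` set (assumed to come from your own connection logs) and the documentation-range addresses are all constructed for illustration.

```python
import ipaddress
import struct

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left 0; the parser ignores it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_unreachable(packet):
    """Return details of an ICMP destination-unreachable packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None                       # not IPv4 carrying ICMP
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 8 + 20 or packet[ihl] != 3:
        return None                       # truncated, or not ICMP type 3
    quoted = packet[ihl + 8:]             # original IP header + 8 data bytes
    if quoted[0] >> 4 != 4:
        return None
    return {
        "reporter": str(ipaddress.IPv4Address(packet[12:16])),
        "code": packet[ihl + 1],          # 1 = host unreachable
        "orig_src": str(ipaddress.IPv4Address(quoted[12:16])),
        "orig_dst": str(ipaddress.IPv4Address(quoted[16:20])),
        "orig_proto": quoted[9],
    }

def classify(info, local_addrs, sent_to):
    """local_addrs: our IPs; sent_to: destinations we know we contacted."""
    if info is None:
        return "not-icmp-unreachable"
    if info["orig_src"] not in local_addrs:
        return "quotes-foreign-source"
    if info["orig_dst"] in sent_to:
        return "expected-error"
    return "possible-spoofed-source"      # we never sent to that host

# Constructed sample: router 203.0.113.1 tells 192.0.2.10 that an ICMP echo
# "from" 192.0.2.10 to 198.51.100.7 could not be delivered.
_inner = (ipv4_header("192.0.2.10", "198.51.100.7", 1, 8)
          + struct.pack("!BBHHH", 8, 0, 0, 1, 1))
_icmp = struct.pack("!BBHI", 3, 1, 0, 0) + _inner
SAMPLE = ipv4_header("203.0.113.1", "192.0.2.10", 1, len(_icmp)) + _icmp

if __name__ == "__main__":
    info = parse_unreachable(SAMPLE)
    print(info, classify(info, {"192.0.2.10"}, sent_to=set()))
```

The quoted header is supplied by whoever sent the ICMP message, so the classification is a triage hint for deciding which remote admins to contact, not proof of spoofing.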


