Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

ICMP type3/code3

From: Lance Spitzner <spitzner () dimension net>
Date: Thu, 24 Jun 1999 13:03:08 -0400 (EDT)
My DNS servers are receiving a great deal of
ICMP type3/code3 at random times.

3     Destination Unreachable                  [RFC792]

        Codes
            0  Net Unreachable
            1  Host Unreachable
            2  Protocol Unreachable
            3  Port Unreachable

My IDS scripts kick off thinking this is some type 'smurf'
attack, as I can receive a large number of packets in a very
short time. Also, this tends to be random, as my DNS servers 
will not receive any ICMP 3/3 packets for a week, then in
a single day I will recieve a total of 700+ packets in an hour 
from 4 different sources.

I know of several other people who have reported this same issue.
Is this a security issue, or a bind issue?

Thanks

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html
Internetworking & Security Engineer
Dimension Enterprises Inc
Previous By Date Next
Previous By Thread Next

Current thread: