Firewall Wizards mailing list archives

Re: strange icmp packets.

From: Kaptain <kaptain () kaptain com>
Date: Wed, 17 Mar 1999 11:04:17 -0800 (PST)

Sounds like a standard spoofing technique to me.  Take a look at the
following:

ftp://ftp.isi.edu/in-notes/rfc2267.txt



-AK




On Wed, 17 Mar 1999, Darren Reed wrote:


Amongst the meabytes of log information that I'm seeing on a firewall
are icmp error packets being sent back to hosts which don't and have
never existed.  I assume others are seeing the same.  Has anyone
looked closer at this and decided it's either replies to spoof'd
packets being sent with their address or is someone trying to scan
using ICMP error packets ?!  The latter seems somewhat strange to me
as you're not meant to reply to those (I'm refering to unreachables
and quenches here).

Darren

Current thread:

strange icmp packets. Darren Reed (Mar 17)
- Re: strange icmp packets. Kaptain (Mar 17)
- <Possible follow-ups>
- RE: strange icmp packets. Frank W. Keeney (Mar 18)
  - RE: strange icmp packets. Chuck Young (Mar 19)
  - Message not available
    - RE: strange icmp packets. Neil Ratzlaff (Mar 22)
- Re: strange icmp packets. Bill_Royds (Mar 18)
- Re: strange icmp packets. Neil Ratzlaff (Mar 19)
  - Re: strange icmp packets. Darren Reed (Mar 19)
- RE: strange icmp packets. Robert Graham (Mar 23)