Security Incidents mailing list archives
ICMP messages - Scan or exploit attempt?
From: "Compra, Fred" <fredco () HUSHMAIL COM>
Date: Mon, 11 Sep 2000 03:15:01 +0000
I checked the logs on my masquerading Linux box a while ago to find that ippl had logged some "ippl: ICMP message type destination unreachable - bad host from xxx.xxx.xxx.xxx" messages with plenty of "last message repeated xx times" following them. (The x'd out IP address is the external interface on the box.) I saw no other connection attempts during this time, but I wasn't logging UDP, only TCP and ICMP. Could these messages be the result of a UDP scan of some sort, or even an attempt to exploit the Linux UDP masquerading vulnerability? (Does anyone know if this has been fixed?) Thanks to all, Fred
Current thread:
- ICMP messages - Scan or exploit attempt? Compra, Fred (Sep 12)
- Re: ICMP messages - Scan or exploit attempt? Russell Fulton (Sep 12)