Security Incidents mailing list archives
Re: ICMP_TIME_EXCEEDED to network address?
From: "Edwards, David (JTD)" <Edwards.David2 () SAUGOV SA GOV AU>
Date: Fri, 2 Feb 2001 08:23:02 +1030
Hi,
-----Original Message-----
From: Melissa [mailto:mlovett () WARRIOR MGC PEACHNET EDU]
Sent: Friday, 2 February 2001 3:38 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: [INCIDENTS] ICMP_TIME_EXCEEDED to network address?

Anyway, I am currently researching/solving a similar problem. I have discovered that multimedia keyboards send constant pings to the following address, at least on our network, 207.26.131.137. Our sniffer reports the Time Exceeded in Transit, TTL set to 1.
Next thing you know your watch will be pinging your car to see if it's awake.. No idea why this might occur. Run it under a debugger, it may produce some insights.
Also, I have discovered that pathping, in Windows 2000, causes a report of Time exceeded in transit, TTL set to 1. If you have a sniffer, you can watch this. Just pathping any address, even on your network, and it will report Time to Live Exceeded in Transit, TTL 1.
This would be expected as it uses the time-exceeded msgs to work out the path to the host. I'd guess it sends a ping packet to the host with TTL=1 first, then another with TTL=2 and so on until the host replies, the icmp packets returned show the path.

ciao
dave

---
Dave Edwards
Justice Technology Division
Ph: +61 8 82265426 || 0408 808355
mailto: edwards.david2 () saugov sa gov au
Snail : Justice Technology Division GPO Box 2048, Adelaide 5001
---
The information in this e-mail may be confidential and/or legally privileged. Use or disclosure by anyone other than the intended recipient is prohibited and may be unlawful. If you have received this e-mail in error, please advise me immediately
---
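For triaging the Time Exceeded reports discussed in this message, the following is an added example, not part of the original post: an ICMP type 11 message quotes the header of the datagram that expired, so parsing it shows which internal host sent the probe and where it was going. The function names, the packet-building helpers and the RFC 5737 addresses are constructed for illustration.

```python
import socket
import struct

def ipv4(src, dst, ttl, proto, payload):
    """Build a minimal IPv4 datagram for the constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def time_exceeded(router, host_src, host_dst):
    """Constructed sample: a router's type 11/code 0 reply quoting an echo request."""
    echo = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1)       # ICMP echo request header
    quoted = ipv4(host_src, host_dst, 1, 1, echo)          # the datagram that expired
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + quoted      # type, code, cksum, unused
    return ipv4(router, host_src, 64, 1, icmp)

def parse_time_exceeded(pkt):
    """Return details of the quoted datagram, or None if not ICMP type 11 code 0."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    quoted = pkt[ihl + 8:]                                 # skip the 8-byte ICMP header
    if ihl < 20 or pkt[ihl:ihl + 2] != b"\x0b\x00" or len(quoted) < 20:
        return None
    q_ihl = (quoted[0] & 0x0F) * 4
    return {"router": socket.inet_ntoa(pkt[12:16]),        # who reported the expiry
            "orig_src": socket.inet_ntoa(quoted[12:16]),   # host that sent the probe
            "orig_dst": socket.inet_ntoa(quoted[16:20]),   # where the probe was headed
            "orig_ttl": quoted[8],
            "orig_was_echo": quoted[9] == 1 and len(quoted) > q_ihl and quoted[q_ihl] == 8}

def summarize(packets):
    """Group Time Exceeded reports by the host/destination pair that triggered them."""
    flows = {}
    for pkt in packets:
        info = parse_time_exceeded(pkt)
        if info is None:
            continue                                       # not a Time Exceeded message
        flow = flows.setdefault((info["orig_src"], info["orig_dst"]),
                                {"reports": 0, "routers": []})
        flow["reports"] += 1
        if info["router"] not in flow["routers"]:
            flow["routers"].append(info["router"])
    return flows

# Constructed capture (RFC 5737 documentation addresses, not taken from the thread).
SAMPLE = [time_exceeded(r, "192.0.2.10", "203.0.113.50")
          for r in ("192.0.2.1", "198.51.100.1", "198.51.100.9")]
SAMPLE += [time_exceeded("192.0.2.1", "192.0.2.20", "203.0.113.99")] * 3
SAMPLE.append(ipv4("192.0.2.10", "203.0.113.50", 64, 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1)))
```

In `summarize(SAMPLE)`, a flow reported by several different routers is consistent with a TTL-stepping path trace, while repeated reports from one router point to probes sent with a fixed low TTL.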