Security Incidents mailing list archives

Re: ICMP_TIME_EXCEEDED to network address?


From: Ulrich Eckhardt <Ulrich.Eckhardt () TRANSCOM DE>
Date: Wed, 24 Jan 2001 16:59:41 +0100

"Ralf G. R. Bergs" wrote:

> Hi there,
>
> Does anyone of you have an idea what this could mean? I see lots of packets
> from a certain IP to my class C network address (aaa.bbb.ccc.0) with an ICMP
> type of 11 (Time Exceeded). Could this be a DoS?

Hi,

I can see something similar here. Here is an excerpt (a little bit
snipped from preformatted log output):

Coming from 61.132.74.1 to 193.103.163.0
Payload : SRC=193.103.163.0 DST=202.102.107.137 LEN=92 TOS=0x00 PREC=0x00 TTL=0
          ID=17300 PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=0

and from 254.c243.ethome.net.tw->193.103.163.0
Payload : SRC=193.103.163.0 DST=24.12.76.66 LEN=92 TOS=0x00 PREC=0x00 TTL=0
          ID=18991 PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=0

These packets mostly arrive during the night here. But they arrive too slowly
for a DoS attack.

Uli
--
Ulrich Eckhardt                         Tr@nscom
http://www.uli-eckhardt.de              http://www.transcom.de
                                        Lagerstraße 11-15 A8
                                        64807 Dieburg Germany

