Security Incidents mailing list archives
Re: ICMP_TIME_EXCEEDED to network address?
From: Ulrich Eckhardt <Ulrich.Eckhardt () TRANSCOM DE>
Date: Wed, 24 Jan 2001 16:59:41 +0100
"Ralf G. R. Bergs" wrote:
Hi there, does anyone of you have an idea what this could mean? I see lots of packets from a certain IP to my class C network address (aaa.bbb.ccc.0) with an ICMP type of 11 (Time Exceeded). Could this be a DoS?
Hi, i can see here something similar. Here is an excerpt (a little bit snipped from preformatted log output) : Cooming from 61.132.74.1 to 193.103.163.0 Payload : SRC=193.103.163.0 DST=202.102.107.137 LEN=92 TOS=0x00 PREC=0x00 TTL=0 ID=17300 PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=0 and from 254.c243.ethome.net.tw->193.103.163.0 Payload : SRC=193.103.163.0 DST=24.12.76.66 LEN=92 TOS=0x00 PREC=0x00 TTL=0 ID=18991 PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=0 This packets arrives mostly during night here. But they arrive too slow for a DoS attack. Uli -- Ulrich Eckhardt Tr@nscom http://www.uli-eckhardt.de http://www.transcom.de Lagerstraße 11-15 A8 64807 Dieburg Germany
Current thread:
- ICMP_TIME_EXCEEDED to network address? Ralf G. R. Bergs (Jan 24)
- Re: ICMP_TIME_EXCEEDED to network address? Ulrich Eckhardt (Jan 24)
- Re: ICMP_TIME_EXCEEDED to network address? Ralf G. R. Bergs (Jan 24)
- Re: ICMP_TIME_EXCEEDED to network address? Juergen P. Meier (Jan 25)
- Re: ICMP_TIME_EXCEEDED to network address? Ralf G. R. Bergs (Jan 24)
- Re: ICMP_TIME_EXCEEDED to network address? E, M (Jan 24)
- <Possible follow-ups>
- Re: ICMP_TIME_EXCEEDED to network address? Curt Freeland (Jan 25)
- Re: ICMP_TIME_EXCEEDED to network address? Ralf G. R. Bergs (Jan 25)
- Re: ICMP_TIME_EXCEEDED to network address? Bill Royds (Jan 25)
- Re: ICMP_TIME_EXCEEDED to network address? Ulrich Eckhardt (Jan 24)