Security Incidents mailing list archives
Re: ICMP_TIME_EXCEEDED to network address?
From: "E, M" <freehold () EROLS COM>
Date: Wed, 24 Jan 2001 11:26:16 +0000
I suppose someone could forge fragmented ICMP packets that are missing some of the fragments and force a host to reply with one of these packets with an ICMP 11/1. Is someone at your network doing traceroute? You could be seeing a response from a router. For routine 'what am I seeing?' questions, a good resource is 'What am I seeing?' :) at http://www.robertgraham.com/pubs/firewall-seen.html Missy
Current thread:
- ICMP_TIME_EXCEEDED to network address? Ralf G. R. Bergs (Jan 24)
- Re: ICMP_TIME_EXCEEDED to network address? Ulrich Eckhardt (Jan 24)
- Re: ICMP_TIME_EXCEEDED to network address? Ralf G. R. Bergs (Jan 24)
- Re: ICMP_TIME_EXCEEDED to network address? Juergen P. Meier (Jan 25)
- Re: ICMP_TIME_EXCEEDED to network address? Ralf G. R. Bergs (Jan 24)
- Re: ICMP_TIME_EXCEEDED to network address? E, M (Jan 24)
- <Possible follow-ups>
- Re: ICMP_TIME_EXCEEDED to network address? Curt Freeland (Jan 25)
- Re: ICMP_TIME_EXCEEDED to network address? Ralf G. R. Bergs (Jan 25)
- Re: ICMP_TIME_EXCEEDED to network address? Bill Royds (Jan 25)
- Re: ICMP_TIME_EXCEEDED to network address? Ulrich Eckhardt (Jan 24)