Security Incidents mailing list archives
Re: ICMP_TIME_EXCEEDED to network address?
From: "Ralf G. R. Bergs" <rabe () RWTH-Aachen DE>
Date: Wed, 24 Jan 2001 17:41:04 +0100
On Wed, 24 Jan 2001 16:59:41 +0100, Ulrich Eckhardt wrote:
But they arrive too slow for a DoS attack.
Maybe it's some sort of a scan, too? I'm not a TCP/IP guru, so please forgive me if I'm talking nonsense, but I *think* some hosts additionally reply to packets sent to the network address (i.e. to aaa.bbb.ccc.0 instead of aaa.bbb.ccc.ddd with ddd != 0 and ddd != 255) (much the same as to packets sent to the broadcast address which would probably be more appropriate to address several hosts at once.) So in this case they might reply to the "Time exceeded" message (with what?) and thus indicate there's a machine running that particular IP? Just guessing, Ralf -- Sign the EU petition against SPAM: L I N U X .~. http://www.politik-digital.de/spam/ The Choice /V\ of a GNU /( )\ Generation ^^-^^
Current thread:
- ICMP_TIME_EXCEEDED to network address? Ralf G. R. Bergs (Jan 24)
- Re: ICMP_TIME_EXCEEDED to network address? Ulrich Eckhardt (Jan 24)
- Re: ICMP_TIME_EXCEEDED to network address? Ralf G. R. Bergs (Jan 24)
- Re: ICMP_TIME_EXCEEDED to network address? Juergen P. Meier (Jan 25)
- Re: ICMP_TIME_EXCEEDED to network address? Ralf G. R. Bergs (Jan 24)
- Re: ICMP_TIME_EXCEEDED to network address? E, M (Jan 24)
- <Possible follow-ups>
- Re: ICMP_TIME_EXCEEDED to network address? Curt Freeland (Jan 25)
- Re: ICMP_TIME_EXCEEDED to network address? Ralf G. R. Bergs (Jan 25)
- Re: ICMP_TIME_EXCEEDED to network address? Bill Royds (Jan 25)
- Re: ICMP_TIME_EXCEEDED to network address? Ulrich Eckhardt (Jan 24)