Security Incidents mailing list archives
Re: ICMP_TIME_EXCEEDED to network address?
From: Bill Royds <Bill_Royds () PCH GC CA>
Date: Thu, 25 Jan 2001 16:41:13 -0500
Our Raptor firewall also records the contents of the ICMP package. This helps in tracking down the real sender. Packets like this have been seen often over the last year. It appears that a tool is trying to use responses to fake ICMP messages to map networks, perhaps from the Georgia @home source.

grep '202.178.243.254' logfile.2001012[34]* | more

logfile.20010123:Jan 23 01:11:55.664 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010123:Jan 23 04:04:41.537 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010123:Jan 23 07:54:55.959 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010123:Jan 23 09:17:54.815 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010123:Jan 23 10:35:42.539 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010123:Jan 23 10:40:03.434 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010123-1:Jan 23 13:27:20.076 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010123-2:Jan 23 16:31:56.728 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010123-3:Jan 23 17:42:57.645 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010124:Jan 24 00:11:24.442 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010124:Jan 24 05:59:29.727 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010124:Jan 24 07:06:42.202 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010124-1:Jan 24 13:43:30.865 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010124-2:Jan 24 16:29:14.293 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010124-2:Jan 24 16:40:17.787 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010124-3:Jan 24 19:33:18.075 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010124-3:Jan 24 20:04:51.599 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010124-3:Jan 24 22:43:02.556 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
logfile.20010124-3:Jan 24 23:26:10.264 gate kernel: 120 ICMP Info: Not sending ICMP Unreachable in response to non-information ICMP (254.c243.ethome.net.tw[202.178.243.254]->172.16.61.0: Protocol=ICMP[Time exceeded (in transit)] {Inner: 172.16.61.0->ci582208-a.ganvil1.ga.home.com[24.12.76.66]: Protocol=ICMP[Echo request]}) received on interface 172.16.21.2
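
Added example, not part of the original post and not Raptor code: a parser for log entries in the format quoted above. It groups the ICMP errors by reporting router and quoted inner packet, and marks entries whose inner source is the network or broadcast address of the local prefix, an address no host sends from. The /24 prefix, the function names and the sample lines are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the protected network is a /24; the post does not give the prefix length.
LOCAL_NET = ipaddress.ip_network("172.16.61.0/24")

# Matches the "120 ICMP Info" entries in the layout shown in the post.
ENTRY = re.compile(
    r"\((?P<rep_host>[^\[\s]+)\[(?P<reporter>[\d.]+)\]->(?P<outer_dst>[\d.]+): "
    r"Protocol=ICMP\[(?P<icmp_type>[^\]]+)\] "
    r"\{Inner: (?P<inner_src>[\d.]+)->(?P<inner_host>[^\[\s]+)\[(?P<inner_dst>[\d.]+)\]: "
    r"Protocol=(?P<inner_proto>\w+)\[(?P<inner_type>[^\]]+)\]\}\)"
)

def parse(line):
    """Return the outer and inner packet fields of one entry, or None if no match."""
    m = ENTRY.search(line)
    return m.groupdict() if m else None

def impossible_source(addr):
    """True if addr is the network or broadcast address of LOCAL_NET."""
    ip = ipaddress.ip_address(addr)
    return ip in (LOCAL_NET.network_address, LOCAL_NET.broadcast_address)

def summarize(lines):
    """Count ICMP errors per (reporter, inner_src, inner_dst) and mark spoofed triggers."""
    counts = Counter()
    for line in lines:
        e = parse(line)
        if e:
            counts[(e["reporter"], e["inner_src"], e["inner_dst"])] += 1
    return [{"reporter": r, "inner_src": s, "inner_dst": d, "count": n,
             "spoofed_trigger": impossible_source(s)}
            for (r, s, d), n in sorted(counts.items())]

def _sample(ts, reporter, src):
    # Constructed entry in the post's log layout, using documentation addresses.
    return (f"Jan 23 {ts} gate kernel: 120 ICMP Info: Not sending ICMP Unreachable "
            f"in response to non-information ICMP (rtr.example.net[{reporter}]->{src}: "
            f"Protocol=ICMP[Time exceeded (in transit)] {{Inner: {src}->"
            f"host.example.com[192.0.2.66]: Protocol=ICMP[Echo request]}}) "
            f"received on interface 172.16.21.2")

SAMPLE = [_sample("01:11:55.664", "203.0.113.254", "172.16.61.0"),
          _sample("04:04:41.537", "203.0.113.254", "172.16.61.0"),
          _sample("05:00:00.000", "198.51.100.1", "172.16.61.25")]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
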