ICMP 8.255?

["E. Larry Lidz" <ellidz () eridu uchicago edu>]

On a recent scan of our network, we saw ICMP echo requests coming in
with the ICMP code set to 255. As it's normally supposed to be set to
zero (and I can't recall ever having seen a non-zero code on an echo
request), I'm assuming that this was some sort of constructed packet.
Anyone else seen this before?

Of course, it's possible it's some sort of new DoS attack, though we
didn't have any reports of machines crashing because of it.

-Larry

---
E. Larry Lidz                                        Phone: (773)702-2208
Sr. Network Security Officer                         Fax:   (773)702-0559
Network Security Center, The University of Chicago
PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml