Security Incidents mailing list archives
Re: ICMP time exceed in-transit packets
From: Alain.Thivillon () HSC FR (Alain Thivillon)
Date: Sat, 1 Jan 2000 21:05:27 +0100
Chris Brenton <cbrenton () SOVER NET> écrivait (wrote) :
So the attacker transmits the above packet. While in transit, the TTL drops to zero. The router receiving the TTL 0 packet realizes it can not forward it and issues a time exceeded (ICMP type 11) packet back to the spoofed source address. So what you are seeing in your logs is the error code generated by the spoofed packets when the TTL expires.
Well, you are saying someone is tracerouting you. Congratulations :) -- Unix is ending in 13897 days, 7 hours, 9 min, 55 sec : save your buffers
Current thread:
- Re: ICMP time exceed in-transit packets White, Tim (Dec 31)
- Re: ICMP time exceed in-transit packets Chris Brenton (Jan 01)
- Re: ICMP time exceed in-transit packets Alain Thivillon (Jan 01)
- Re: ICMP time exceed in-transit packets Christopher Wilson (Jan 02)
- port 119 Dariusz Zmokly (Jan 03)
- Re: port 119 Robert Graham (Jan 03)
- Re: port 119 Thomas Molina (Jan 04)
- Re: port 119 Vince Vielhaber (Jan 05)
- Re: ICMP time exceed in-transit packets Alain Thivillon (Jan 01)
- Ports 25092 / 20869 Vanja Hrustic (Jan 04)
- Re: Ports 25092 / 20869 Robert Graham (Jan 04)
- port 1150 and 4833 ? Kim R. Rasmussen (Jan 04)
- Re: port 1150 and 4833 ? Frameloss, Frameloss (Jan 10)
- Re: ICMP time exceed in-transit packets Chris Brenton (Jan 01)
- Re: port 119 R a v e N (Jan 05)