Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: invalid icmp in linux?

From: mgribov () KPLAB COM (Max Gribov)
Date: Tue, 30 May 2000 10:38:52 -0400

we have seen similar behavior on our local network. on of the linux machines
was giving off invalid icmp errors to broadcast. we are still not certain
what it was, but we are sure of one thing - it is not an attack.

max
sysadmin

----- Original Message -----
From: Eric LeBlanc <inouk () IGT NET>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Saturday, May 27, 2000 10:58 AM
Subject: invalid icmp in linux?


Hello!

Hello, in /var/log/kern.log, I have this :

May 26 17:35:17 toutatis kernel: 64.228.200.219 sent an invalid ICMP error

to a broadcast.

May 26 17:35:17 toutatis last message repeated 9 times
May 26 17:35:22 toutatis kernel: NET: 240 messages suppressed.
May 26 17:35:22 toutatis kernel: 64.228.200.219 sent an invalid ICMP error

to a broadcast.

May 26 17:35:27 toutatis kernel: NET: 249 messages suppressed.
May 26 17:35:27 toutatis kernel: 64.228.200.219 sent an invalid ICMP error

to a broadcast.

May 26 17:35:32 toutatis kernel: NET: 241 messages suppressed.
May 26 17:35:32 toutatis kernel: 64.228.200.219 sent an invalid ICMP error

to a broadcast.

May 26 17:35:37 toutatis kernel: NET: 223 messages suppressed.
May 26 17:35:37 toutatis kernel: 64.228.200.219 sent an invalid ICMP error

to a broadcast.

May 26 17:35:42 toutatis kernel: NET: 233 messages suppressed.
May 26 17:35:42 toutatis kernel: 64.228.200.219 sent an invalid ICMP error

to a broadcast.

May 26 17:35:47 toutatis kernel: NET: 249 messages suppressed.
May 26 17:35:47 toutatis kernel: 64.228.200.219 sent an invalid ICMP error

to a broadcast.

May 26 17:35:52 toutatis kernel: NET: 249 messages suppressed.
May 26 17:35:52 toutatis kernel: 64.228.200.219 sent an invalid ICMP error

to a broadcast.


my kernel:
Linux toutatis 2.2.13 #1 SMP Mon Nov 29 22:53:42 EST 1999 i686 unknown



My server is down after attack.. :-/ what it is ?  How I patch?

Thanks!

Rick

-----
Eric LeBlanc
inouk () igt net
--------------
  "Well, let's just say, 'if your VCR is still blinking 12:00, you don't
   want Linux'".

          --- Bruce Perens, Debian's Fearless Leader
                        ------------
Previous By Date Next
Previous By Thread Next

Current thread: