Re: Spoofed ICMP "destination unreachable" - DOS?

[aussie () AUSSIE MINE NU (Aussie)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 22 May 00, at 16:46, Ken Eichman wrote:

> In the past week I've seen at least 3 identical ICMP DOS attacks (?)
> involving 3 different ISPs. I'm not sure if they're attempted attacks,
> and if so, against my network or the ISP's.

I've been seeing the same packets, typically with a "source" address set to
10.240.x.x, but occasinally with real IP's. They aren't very frequent but still
annoying. I've tried getting windump to work so I can get a packet dump of the
offending packets, but it's failing with NDIS adapter failures. I have Conseal
firewall set up to reject most incoming ICMP packets so these packets stand out
a lot, but I haven't been able to see any similarities between incidents.
Sometimes there has been no network activity for over 15 mins, so it's
definitely not coming from my system.

Aussie

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: Please verify this signature.  http://www.pgpi.com

iQA/AwUBOStF75Zb9oayhFBBEQJcIgCdGfLyCaTwIagzeDyou0jqVlhfuMgAoPjS
u6M0ZlYw7xXc+tD9dv2ofTpd
=vVM2
-----END PGP SIGNATURE-----

PGP Key Block available at:
http://aussie.mine.nu/aussie/pgp_key.txt