Security Incidents mailing list archives

Re: IDS246 Large ICMP Packet


From: Jan Muenther <jan () RADIO HUNDERT6 DE>
Date: Thu, 16 Nov 2000 19:09:05 +0100

Hi there,

[**] IDS246 - MISC - Large ICMP Packet [**]
11/13-12:53:37.296852 32.96.212.11 -> 200.210.111.132
ICMP TTL:247 TOS:0x0 ID:10257  DF
ID:48282   Seq:61662  ECHO

This seems common.

Is anyone else being hit by this machine?  I ran an NMAP on it and
it's apparently some kind of proxy but these ICMP warnings are really
annoying me!

Not by this machine, but by this phenomenon. I think it's a
specificum of AIX. It sends ICMP packets with a payload of 0s. I
think it does so to determine the max. MTU of your router or
something. Check the mail archives of the snort list, it's almost
a FAQ ;o))

Oh, and yes, it does get on my nerves, too ;o))

Bye, Jan
--
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther () radio hundert6 de
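
A triage sketch for the pattern described in the reply, added here as an example and not part of the original thread: it parses alerts in the format quoted above and separates echo requests with DF set and an all-zero payload from those that need a closer look. The function names, the labels, and the use of DF as a hint are assumptions; the payload bytes have to come from a packet capture, since the alert text does not include them.

```python
import re

# Constructed sample: the alert text as quoted in the message above.
SAMPLE_ALERT = """[**] IDS246 - MISC - Large ICMP Packet [**]
11/13-12:53:37.296852 32.96.212.11 -> 200.210.111.132
ICMP TTL:247 TOS:0x0 ID:10257  DF
ID:48282   Seq:61662  ECHO
"""

ALERT_RE = re.compile(
    r"\[\*\*\][ \t]*(?P<sig>.+?)[ \t]*\[\*\*\][ \t]*\n"
    r"(?P<ts>\S+)[ \t]+(?P<src>[\d.]+)[ \t]*->[ \t]*(?P<dst>[\d.]+)[ \t]*\n"
    r"(?P<proto>\w+)[ \t]+TTL:(?P<ttl>\d+)[ \t]+TOS:\S+[ \t]+ID:\d+(?P<flags>[^\n]*)\n"
    r"ID:(?P<icmp_id>\d+)[ \t]+Seq:(?P<seq>\d+)[ \t]+(?P<icmp_type>[A-Z ]+?)[ \t]*$",
    re.MULTILINE,
)

def parse_alerts(text):
    """Return one dict per alert block found in text."""
    alerts = []
    for m in ALERT_RE.finditer(text):
        a = m.groupdict()
        a["df"] = "DF" in a.pop("flags").split()
        a["ttl"] = int(a["ttl"])
        alerts.append(a)
    return alerts

def triage(alert, payload=None):
    """Label an alert; payload is the ICMP data from a capture, if available."""
    if alert["proto"] != "ICMP" or alert["icmp_type"] != "ECHO":
        return "not-echo-request"
    if payload is not None and any(payload):
        return "review"              # non-zero data: not the zero-fill pattern
    if not alert["df"]:
        return "review"              # assumption: an MTU probe would set DF
    if payload is None:
        return "possible-mtu-probe"  # DF echo, payload not yet checked
    return "likely-mtu-probe"        # DF echo with all-zero payload

if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE_ALERT):
        print(alert["src"], "->", alert["dst"], triage(alert))
```
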

