Security Incidents mailing list archives
Re: ICMP_TIME_EXCEEDED to network address?
From: Melissa <mlovett () WARRIOR MGC PEACHNET EDU>
Date: Thu, 1 Feb 2001 12:08:11 -0500
I have been trying to post info to this list on this very topic for some time now. It never gets posted. Anyway, I am currently researching/solving a similar problem. I have discovered that multimedia keyboards send constant pings to the following address, at least on our network, 207.26.131.137. Our sniffer reports the Time Exceeded in Transit, TTL set to 1. The file mmkeybd.exe is causing constant pings on our network coming from the students personal computers. Anyway, if you uninstall this software or diable this fiel from executing, no more pings. The catch is the kid's keyboard doesn't have full multimedia functionality once you get rid of the mmkeybd.exe file. I still don't know if it is some sort of bug inteh mmkeybd.exe file or what...I can't get anyone to answer that. Also, I have discovered that pathping, in Windows 2000, causes a report of Time exceeded in transit, TTL set to 1. If you have a sniffer, you can watch this. Just pathping any address, even on your network, and it will report Time to Live Exceeded in Transit, TTL 1. Melissa --------------------------------------------------------------------------------------------------------- Hi there, does anyone of you have an idea what this could mean? I see lots of packets from a certain IP to my class C network address (aaa.bbb.ccc.0) with an ICMP type of 11 (Time Exceeded). Could this be a DoS? Thanks, Ralf
Current thread:
- Re: ICMP_TIME_EXCEEDED to network address? Robert Turner (Feb 01)
- <Possible follow-ups>
- Re: ICMP_TIME_EXCEEDED to network address? Melissa (Feb 01)
- Re: ICMP_TIME_EXCEEDED to network address? Edwards, David (JTD) (Feb 01)