Re: ICMP_TIME_EXCEEDED to network address?

[Melissa <mlovett () WARRIOR MGC PEACHNET EDU>]

I have been trying to post info to this list on this very topic for some
time now.  It never gets posted.  Anyway, I am currently
researching/solving a similar problem.  I have discovered that multimedia
keyboards send constant pings to the following address, at least on our
network, 207.26.131.137.  Our sniffer reports the Time Exceeded in Transit,
TTL set to 1.

The file mmkeybd.exe is causing constant pings on our network coming from
the students personal computers.  Anyway, if you uninstall this software or
diable this fiel from executing, no more pings.  The catch is the kid's
keyboard doesn't have full multimedia functionality once you get rid of the
mmkeybd.exe file.  I still don't know if it is some sort of bug inteh
mmkeybd.exe file or what...I can't get anyone to answer that.


Also, I have discovered that pathping, in Windows 2000, causes a report of
Time exceeded in transit, TTL set to 1.  If you have a sniffer, you can
watch this.  Just pathping any address, even on your network, and it will
report Time to Live Exceeded in Transit, TTL 1.

Melissa

---------------------------------------------------------------------------------------------------------
Hi there,
does anyone of you have an idea what this could mean? I see lots of packets
from a certain IP to my class C network address (aaa.bbb.ccc.0) with an ICMP
type of 11 (Time Exceeded). Could this be a DoS?
Thanks,
Ralf