Security Incidents mailing list archives
Re: Huge outgoing ICMP flows
From: "Robert G. Ferrell" <root () rgfsparc cr usgs gov>
Date: Fri, 15 Jun 2001 07:52:04 -0500 (CDT)
ICMP doesn't use ports. It instead uses types and codes. I've lost my copy of the URL for iana's documents. Would someone be kind enough to post that?
Well, here's my local copy of RFC 1700: http://rgfsparc.cr.usgs.gov:8090/sysadmin/rfc/rfc1700.txt My favorite RFC search engine is at http://www.rfc-editor.org/rfcsearch.html Here's a useful compilation posted some time ago on one of the lists. Unfortunately, I forgot who put it up. I apologize profusely to the author. ICMP Type Field Codes icmp type code service 0 "echo" 0 "echo-reply" 3 "unreachable" 0 "net-unreachable" 3 "unreachable" 10 3 "unreachable" 11 3 "unreachable" 12 3 "unreachable" 1 "host-unreachable" 3 "unreachable" 2 "protocol-unreachable" 3 "unreachable" 3 "port-unreachable" 3 "unreachable" 4 "fragmentation-df-set" 3 "unreachable" 5 "source-route-failed" 3 "unreachable" 6 3 "unreachable" 7 3 "unreachable" 8 3 "unreachable" 9 4 "quench" 0 "source-quench" 5 "redirect" 0 "redirect-network" 5 "redirect" 1 "redirect-host" 5 "redirect" 2 "redirect-service-network" 5 "redirect" 3 "redirect-service-host" 6 "alternate" 0 "alternate-host-address" 8 "echo" 0 "echo-request" 9 "router" 0 "router-advertisement" 10 "router" 0 "router-selection" 11 "exceeded" 0 "ttl-exceeded" 11 "exceeded" 1 "fragment-reassembly-exceeded" 12 "error" 0 "pointer-error" 12 "error" 1 "missing-option" 12 "error" 2 "bad-length" 13 "timestamp" 0 "timestamp-request" 14 "timestamp" 0 "timestamp-reply" 15 "information" 0 "info-request" 16 "information" 0 "info-reply" 17 "mask" 0 "mask-request" 18 "mask" 0 "mask-reply" 30 "traceroute" 0 "traceroute-forwarded" 30 "traceroute" 1 "packet-discarded" 31 "datagram" 0 "datagram-conversion-error" 32 "mobile" 0 "mobile-host-redirect" 33 "ipv6-request" 0 "ipv6-where-are-you" 34 "ipv6-reply" 0 "ipv6-here-I-am" 35 "mobile" 0 "mobile-registration-request" 36 "mobile" 0 "mobile-registration-reply" 37 "domain-name" 0 "domain-name-request" 38 "domain-name" 0 "domain-name-reply" 40 "security" 0 "bad-spi" 40 "security" 1 "authentication-failed" 40 "security" 2 "decompression-failed" 40 "security" 3 "decryption-failed" 40 "security" 4 "need-authentication" 40 "security" 5 "need-authorization" Cheers, RGF Robert G. Ferrell, CISSP Information Systems Security Officer National Business Center U. S. Dept. of the Interior Robert_G_Ferrell () nbc gov ======================================== Who goeth without humor goeth unarmed. ========================================
Current thread:
- Re: Huge outgoing ICMP flows, (continued)
- Re: Huge outgoing ICMP flows Chris Ess (Jun 14)
- Re: Huge outgoing ICMP flows Bryan Andersen (Jun 15)
- Re: Huge outgoing ICMP flows Kurt Seifried (Jun 17)
- 2300 FTP accesses from Korea Gregory McCann (Jun 18)
- Re: 2300 FTP accesses from Korea ecofsky (Jun 18)
- Re: 2300 FTP accesses from Korea Derek Kwan (Jun 18)
- Re: 2300 FTP accesses from Korea Russell Fulton (Jun 18)
- Re: 2300 FTP accesses from Korea Dug Song (Jun 18)
- Re: Huge outgoing ICMP flows Bryan Andersen (Jun 15)
- Re: Huge outgoing ICMP flows Chris Ess (Jun 14)
- Re: Huge outgoing ICMP flows Gary Maltzen (Jun 19)