Security Incidents mailing list archives
Re: ICMP Destination Unreachable, Administratively Prohibited
From: Russell Fulton <r.fulton () auckland ac nz>
Date: 14 Feb 2003 12:38:32 +1300
On Fri, 2003-02-14 at 11:35, Neil Dickey wrote:
My questions are these: Does anyone know what sort of probe is being used? Is this in fact a probe of our site, or just backsplash from a scan of another site using our IPs as spoofed source addresses? Is it something else I haven't thought of?
In my experience most Dst URs are the result of DOS attacks by third parties who have use forged sources addresses (some being yours). The result is that someone blocks the traffic at a router somewhere and unless they think to disable URs they spray out all over the net. -- Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand "It aint necessarily so" - Gershwin ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- ICMP Destination Unreachable, Administratively Prohibited Neil Dickey (Feb 13)
- Re: ICMP Destination Unreachable, Administratively Prohibited Chris Brenton (Feb 13)
- Re: ICMP Destination Unreachable, Administratively Prohibited Anthony Kim (Feb 14)
- Re: ICMP Destination Unreachable, Administratively Prohibited Valdis . Kletnieks (Feb 14)
- Re: ICMP Destination Unreachable, Administratively Prohibited Russell Fulton (Feb 13)
- Re: ICMP Destination Unreachable, Administratively Prohibited Anders Thulin (Feb 14)
- Re: ICMP Destination Unreachable, Administratively Prohibited Chris Brenton (Feb 13)