Firewall Wizards mailing list archives

Re: strange icmp packets.

From: Neil Ratzlaff <Neil.Ratzlaff () ucop edu>
Date: Thu, 18 Mar 1999 15:47:24 -0800

We have been seeing these for many months.  Mostly at a very low level, and
I would not have noticed them at all except that they hit a private subnet
that has never had any machines on it.  They also hit other IP addresses
that do exist.  But when I see  icmp response packets when there was no
query packet, I assume an attempt at a stealth scan.

Neil


Please respond to Darren Reed <avalon () coombs anu edu au>

To:   firewall-wizards () nfr net
cc:    (bcc: Bill Royds/HullOttawa/PCH/CA)
Subject:  strange icmp packets.

Amongst the meabytes of log information that I'm seeing on a firewall
are icmp error packets being sent back to hosts which don't and have
never existed.  I assume others are seeing the same.  Has anyone
looked closer at this and decided it's either replies to spoof'd
packets being sent with their address or is someone trying to scan
using ICMP error packets ?!  The latter seems somewhat strange to me
as you're not meant to reply to those (I'm refering to unreachables
and quenches here).

Darren

Current thread:

strange icmp packets. Darren Reed (Mar 17)
- Re: strange icmp packets. Kaptain (Mar 17)
- <Possible follow-ups>
- RE: strange icmp packets. Frank W. Keeney (Mar 18)
  - RE: strange icmp packets. Chuck Young (Mar 19)
  - Message not available
    - RE: strange icmp packets. Neil Ratzlaff (Mar 22)
- Re: strange icmp packets. Bill_Royds (Mar 18)
- Re: strange icmp packets. Neil Ratzlaff (Mar 19)
  - Re: strange icmp packets. Darren Reed (Mar 19)
- RE: strange icmp packets. Robert Graham (Mar 23)