Security Incidents mailing list archives
invalid icmp in linux?
From: inouk () IGT NET (Eric LeBlanc)
Date: Sat, 27 May 2000 10:58:34 -0400
Hello! Hello, in /var/log/kern.log, I have this : May 26 17:35:17 toutatis kernel: 64.228.200.219 sent an invalid ICMP error to a broadcast. May 26 17:35:17 toutatis last message repeated 9 times May 26 17:35:22 toutatis kernel: NET: 240 messages suppressed. May 26 17:35:22 toutatis kernel: 64.228.200.219 sent an invalid ICMP error to a broadcast. May 26 17:35:27 toutatis kernel: NET: 249 messages suppressed. May 26 17:35:27 toutatis kernel: 64.228.200.219 sent an invalid ICMP error to a broadcast. May 26 17:35:32 toutatis kernel: NET: 241 messages suppressed. May 26 17:35:32 toutatis kernel: 64.228.200.219 sent an invalid ICMP error to a broadcast. May 26 17:35:37 toutatis kernel: NET: 223 messages suppressed. May 26 17:35:37 toutatis kernel: 64.228.200.219 sent an invalid ICMP error to a broadcast. May 26 17:35:42 toutatis kernel: NET: 233 messages suppressed. May 26 17:35:42 toutatis kernel: 64.228.200.219 sent an invalid ICMP error to a broadcast. May 26 17:35:47 toutatis kernel: NET: 249 messages suppressed. May 26 17:35:47 toutatis kernel: 64.228.200.219 sent an invalid ICMP error to a broadcast. May 26 17:35:52 toutatis kernel: NET: 249 messages suppressed. May 26 17:35:52 toutatis kernel: 64.228.200.219 sent an invalid ICMP error to a broadcast. my kernel: Linux toutatis 2.2.13 #1 SMP Mon Nov 29 22:53:42 EST 1999 i686 unknown My server is down after attack.. :-/ what it is ? How I patch? Thanks! Rick ----- Eric LeBlanc inouk () igt net -------------- "Well, let's just say, 'if your VCR is still blinking 12:00, you don't want Linux'". --- Bruce Perens, Debian's Fearless Leader ------------
Current thread:
- ICMP attack in progress?, (continued)
- ICMP attack in progress? Lic. Rodolfo Gonzalez Gonzalez (May 25)
- Re: ICMP attack in progress? Crist J. Clark (May 25)
- Re: ICMP attack in progress? Jason Storm (May 26)
- afs3 exploit?? elijah wright (May 25)
- Strange Happenings @Home Fred Hirsch (May 30)
- AMDROCKS Jim Williams (May 25)
- Attacks on port 25 Vincent Lim (May 25)
- Re: Attacks on port 25 Ryan Russell (May 26)
- Re: Attacks on port 25 Bill Lavalette (May 28)
- Re: Attacks on port 25 RayW (May 29)
- ICMP attack in progress? Lic. Rodolfo Gonzalez Gonzalez (May 25)
- invalid icmp in linux? Eric LeBlanc (May 27)
- Re: invalid icmp in linux? Jose Nazario (May 28)
- weird scan pattern Joe H (May 28)
- Re: weird scan pattern Russell Fulton (May 29)
- IDS: Scan of the week Lance Spitzner (May 30)
- 5 scans of 12345 in a couple of hours. AUSCERT#36349 Russell Fulton (May 31)
- Taiwan server compromise Claudiu Costin (May 26)
- Re: Taiwan server compromise Vortex (May 26)
- port 44767 activity Nathan Fain (May 28)
- Re: AMDROCKS Alejandro (May 26)
- Re: AMDROCKS J. S. Townsley (May 26)