nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: operational: icmp echo out of control?

From: Mike Tancsa <mike () sentex net>
Date: Tue, 28 May 2002 15:36:08 -0400

At 03:21 PM 28/05/2002 -0400, Jeff Mcadams wrote:


Also sprach E.B. Dreger
>RAS> be mistaken for a port scan. But for so many network admins,
>RAS> all they know is "ICMP bad".

>That'll be the day when someone calls abuse saying "I'm being attacked
>by ICMP unreachables!" ;-)

"That'll be..."?  Future tense?  Hrmm...
Here is a sample posting from the "future"... It was much worse when my email address was the ARIN contact and I would get people screaming at me asking why I was hacking their machine :-( 

---------begin annoying auto-robot-program----------
The attempt was detected by the personal firewall running on my machine,
and I am quite concerned about it.

If you are in fact responsible for this network, please do the following:

1) Research the access attempt(s),
2) Inform the responsible parties to discontinue access attempts,
3) Reply to me with your findings.

If you are not responsible for this network, please forward this message to
the person who is, or, if you do not know who this person is, please get
back to me with that information as well.  Thank you.

The access attempt(s) are shown below, including the date and time, port
number, TCP or UDP indicator, and, if known, a service name associated with
the port.

    Jeu 09 mai 2002 15:30:22, Port 3, ICMP, Destination Unreachable
    Jeu 09 mai 2002 15:30:21, Port 3, ICMP, Destination Unreachable
    Jeu 09 mai 2002 15:30:10, Port 3, ICMP, Destination Unreachable
    Jeu 09 mai 2002 15:30:09, Port 3, ICMP, Destination Unreachable
Previous By Date Next
Previous By Thread Next

Current thread: