Re: icmp: type-#69 (catched that bastard)
martin f krafft <email@example.com> writes:
> also sprach Tim Haynes <firstname.lastname@example.org> [2002.09.15.1812 +0200]:
>> I can't name one, but that doesn't say an awful lot. Googling for `ICMP
>> "type 69"' doesn't lead to any obvious results, either. :(
> sorry to spurt into the thread randomly.
Not a problem..
> using any packet generation tool, i don't think it's quite hard to create
> an ICMP type 69 packet. i wouldn't be concerned if i were you. i don't
> know *anyone* using type 69...
The problem that Cristian reported originally (on uk.comp.os.linux, IIRC)
was reporting lots of these packets - note that they're unknown ICMP type
(so quite likely to provoke a `param-problem' response) destined for a
network broadcast address (so likely to bombard the source IP# with yet
more ICMP). That's a potential smurf-a-like DoS lurking.
The fact that the TTLs are out by 2 needs explaining to me, and crafted
packets is one of the possible options.