[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: icmp: type-#69 (catched that bastard)

martin f krafft <madduck@debian.org> writes:

> also sprach Tim Haynes <debian@stirfried.vegetable.org.uk> [2002.09.15.1812 +0200]:
>> I can't name one, but that doesn't say an awful lot. Googling for `ICMP
>> "type 69"' doesn't lead to any obvious results, either. :(
>
> sorry to spurt into the thread randomly. 

Not a problem..

> using any packet generation tool, i don't think it's quite hard to create
> an ICMP type 69 packet. i wouldn't be concerned if i were you. i don't
> know *anyone* using type 69...

The problem that Cristian reported originally (on uk.comp.os.linux, IIRC)
was reporting lots of these packets - note that they're unknown ICMP type
(so quite likely to provoke a `param-problem' response) destined for a
network broadcast address (so likely to bombard the source IP# with yet
more ICMP). That's a potential smurf-a-like DoS lurking.

The fact that the TTLs are out by 2 needs explaining to me, and crafted
packets is one of the possible options.

~Tim
-- 
<http://spodzone.org.uk/>
Reply to: