RE: Large ICMP packets tracing/troubleshooting

To: <debian-user@lists.debian.org>
Subject: RE: Large ICMP packets tracing/troubleshooting
From: "Tony Heal" <theal@pace2020.com>
Date: Mon, 23 Apr 2007 09:09:01 -0400
Message-id: <[🔎] 000001c785a8$91dfc630$800101df@shipwreck>
Reply-to: <theal@pace2020.com>
In-reply-to: <[🔎] 20070422190301.GB12205@titan>

192.168.2.7 is my box. 210.110.79.1 is not one of my IP addresses and therefore is out on the internet. Yes every 8th
packet goes out to 212.110.79.74 ( a different host ). This is a remote machine and I am not easily able to shutdown a
service at a time (at least not all of them)

Since this is coming from my box I would think that something would be able to detect it. Netstat does not even when
using 'netstat -ac'

Tony

> -----Original Message-----
> From: Douglas Allan Tutty [mailto:dtutty@porchlight.ca]
> Sent: Sunday, April 22, 2007 3:03 PM
> To: debian-user@lists.debian.org
> Subject: Re: Large ICMP packets tracing/troubleshooting
> 
> On Sun, Apr 22, 2007 at 09:45:12AM -0400, Tony Heal wrote:
> > I keep getting these entries in my firewall log. I am getting this
> > same entry every 10 seconds. I can not determine what is sending or
> > why.
> >
> > [00001] 2007-04-22 08:06:24 [Root]system-critical-00436: Large ICMP
> > packet! From 192.168.2.7 to 212.110.79.74, proto 1 (zone Trust, int
> > trust). Occurred 1 times.
> >
> If your box is 192.168.2.7 and the internet is 212.110.79.74 then the
> packet is coming from your box and is trying to get out to the net.
> 
> > also after every 7th entry of the above I get this
> >
> > [00004] 2007-04-22 08:05:54 [Root]system-critical-00436: Large ICMP
> > packet! From 192.168.2.7 to 210.163.43.1, proto 1 (zone Trust, int
> > trust). Occurred 1 times.
> >
> Out to a different host.
> 
> > I can not determine what is going on and it is driving me nuts.
> > everything I google comes up with nothing, so I thought I would ask
> > the list for any help in troubleshooting this that you can think of.
> 
> If you're getting it every 10 seconds, at least it should be simple to
> track down.  Run through the shutdown scripts one at a time and see when
> it stops (that is, run each script in rc6.d in order with the parameter
> 'stop').  When the errors stop, you've found the culpret.
> 
> Good luck.
> 
> Doug.
> 
> 
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: Large ICMP packets tracing/troubleshooting
  - From: Douglas Allan Tutty <dtutty@porchlight.ca>

Prev by Date: Re: security for a home system
Next by Date: Re: security for a home system
Previous by thread: Re: Large ICMP packets tracing/troubleshooting
Next by thread: Re: Bash bashed by libc6 upgrade, more
Index(es):
- Date
- Thread