[Dshield] ICMP Redirect?
david.vincent at mightyoaks.com
Thu Jun 12 17:11:11 GMT 2003
> ICMP redirect messages are almost always suspect. If used
> legitimately, ICMP redirects are used by a router to advise a
> host of a change in network topology. It just tells your host
> "don't send this to me, instead use this different router".
yeah, can't see why I'd be receiving those on a residential cable line.
> So what should you do? First, check if 220.127.116.11 is a host
> on your network (or your ISP's network). The code of 0
> indicates that the message is advising you to route all
> traffic for a specific network to a different host. If you
> can, look at the entire packet and see if it makes sense.
> tcpdump or ethereal should decode them for you. The packet
> should include the original packet (header+first couple bytes
> of data), so you can make sure it looks 'valid'.
been thinking about this. one of the things I've lost by going to a
hardware firewall from a pc using NAT etc. is the ability to capture packets
on my public-facing IP. unless someone knows something I don't....
> Or, if things work well, just keep blocking them. If you are
> not able to reach certain hosts however, try to allow these
> messages in and see if this fixes the problem for you.
my only alternative is to keep blocking I think. interesting tho! someone
is looking to re-route my traffic through some MITM...
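
The checks suggested in the quoted advice (is the gateway on your network, and does the embedded original packet look like something you sent), as an added example that is not part of the original post. It assumes the ICMP message has already been extracted from a capture with the outer IP header stripped; the function names and the RFC 5737 documentation addresses in the sample builder are constructed for illustration.

```python
import ipaddress
import struct

REDIRECT_CODES = {0: "network", 1: "host", 2: "TOS and network", 3: "TOS and host"}

def inet_checksum(data: bytes) -> int:
    """Internet checksum; returns 0 when run over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_redirect(code: int, gateway: str, src: str, dst: str) -> bytes:
    """Constructed sample: a redirect quoting a minimal IP header plus 8 data bytes."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                        ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address(dst).packed) + bytes(8)
    body = bytes([5, code, 0, 0]) + ipaddress.IPv4Address(gateway).packed + inner
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def check_redirect(icmp: bytes, my_ip: str, my_net: str) -> dict:
    """Parse an ICMP redirect (type 5) and list reasons it does not look valid."""
    if len(icmp) < 8 + 20 or icmp[0] != 5:
        raise ValueError("not a complete ICMP redirect (type 5)")
    code, gateway = icmp[1], ipaddress.IPv4Address(icmp[4:8])
    inner = icmp[8:]                      # original IP header + first data bytes
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl:
        raise ValueError("embedded original IP header is malformed")
    src = ipaddress.IPv4Address(inner[12:16])
    dst = ipaddress.IPv4Address(inner[16:20])
    findings = []
    if inet_checksum(icmp) != 0:
        findings.append("bad ICMP checksum")
    if gateway not in ipaddress.ip_network(my_net):
        findings.append("suggested gateway is not on the local network")
    if src != ipaddress.IPv4Address(my_ip):
        findings.append("embedded packet was not sent by this host")
    return {"code": REDIRECT_CODES.get(code, "unknown"), "gateway": str(gateway),
            "orig_src": str(src), "orig_dst": str(dst), "findings": findings}
```

An empty `findings` list only means the redirect is structurally plausible; whether the named gateway really is one of your ISP's routers still has to be confirmed separately.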