[Dshield] ICMP Issue

Johannes Ullrich jullrich at euclidian.com
Wed Mar 12 19:05:24 GMT 2003

> Although very rare, I have been trying to sort out why, when I visit 
> certain web sites, I receive a flood of ICMP traffic. Is this intrusive? 
> Does it compromise either security or privacy? You folks know a lot more 
> than I do. Any ideas?

My first guess would be that these sites are using some form of load
balancing or content delivery network. They use the ICMP packets to
find the best server to reach you.

Another option is 'MTU discovery'. Some operating systems try to
determine the maximum packet size they can send you without running
into fragmentation.

Either way, its not a big privacy / security issue. Using ICMP for this
purpose is appropriate in my opinion. Better than some load balancers
that use packets to port 53.

jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org

More information about the list mailing list