[Dshield] Sanity check
Esler, Joel - Contractor
joel.esler at rcert-s.army.mil
Wed Oct 13 13:02:48 GMT 2004
What would be the point of an unsolicited ICMP time exceeded in transit?
I am receiving ICMP time exceeded in transit messages for (what the box
is reporting as)
"x.x.x.x.22042 > 18.104.22.168.1027 [no cksum] udp 808 [ttl 1] (id
56983, len 836) [tos 0xc0] (ttl 245, id 40778, len 56)"
What would the point be in this? Fingerprinting? I did see several
attempts to different subnets, specific IPs and broadcast... I am
guessing just to see what will get past the ACLs. But... A one way
error message would not receive a response... And no responses were
noted... No outbound traffic was noted...
Joel Esler, GCIA
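
One way to test whether such a message really is unsolicited, as an added example that is not part of the original post: parse the datagram quoted inside the ICMP time exceeded message and look it up in a record of flows that actually left the network. The flow table, the 30-second window and the sample lines are constructed for illustration, and the redacted x.x.x.x is replaced with a documentation address.

```python
import re
from typing import NamedTuple, Optional

# Matches the quoted-datagram part of a tcpdump ICMP error line in the layout
# shown in the post: "SRC.SPORT > DST.DPORT ... udp LEN [ttl N]".
EMBEDDED = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+).*?"
    r"udp (?P<length>\d+) \[ttl (?P<ttl>\d+)\]"
)

class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

def parse_embedded(line: str) -> Optional[Flow]:
    """Return the UDP flow quoted inside the ICMP error, or None."""
    m = EMBEDDED.search(line)
    if m is None:
        return None
    return Flow(m["src"], int(m["sport"]), m["dst"], int(m["dport"]))

def classify(line: str, icmp_time: float, outbound: dict, window: float = 30.0) -> str:
    """Label an ICMP error by whether we sent the datagram it quotes.

    outbound maps Flow -> time that flow was last seen leaving the network.
    """
    flow = parse_embedded(line)
    if flow is None:
        return "unparsed"
    sent = outbound.get(flow)
    if sent is not None and 0 <= icmp_time - sent <= window:
        return "solicited"
    return "unsolicited"

# Constructed data: one outbound probe we really sent, then three ICMP errors.
OUTBOUND = {Flow("192.0.2.10", 33434, "198.51.100.7", 33435): 1000.0}
TAIL = " (id 56983, len 836) [tos 0xc0] (ttl 245, id 40778, len 56)"
SAMPLES = [
    (1000.4, "192.0.2.10.33434 > 198.51.100.7.33435 [no cksum] udp 12 [ttl 1]" + TAIL),
    (1005.0, "192.0.2.10.22042 > 198.51.100.7.1027 [no cksum] udp 808 [ttl 1]" + TAIL),
    (2000.0, "192.0.2.10.33434 > 198.51.100.7.33435 [no cksum] udp 12 [ttl 1]" + TAIL),
]

if __name__ == "__main__":
    for when, line in SAMPLES:
        print(f"{when:8.1f} {classify(line, when, OUTBOUND):12} {parse_embedded(line)}")
```

An "unsolicited" result for a quoted source address that is your own means the original datagram was sent by someone else using that address, or was never sent at all.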