Re: the router spams with echo requests
From: Chuck Swiger (cswiger_at_mac.com)
Date: 08/25/03
- Previous message: Stoyan Stratev: "the router spams with echo requests"
- In reply to: Stoyan Stratev: "the router spams with echo requests"
Date: Mon, 25 Aug 2003 14:02:59 -0400
To: Stoyan Stratev <svs000@aubg.bg>
Stoyan Stratev wrote:
[ ... ]
> The ISP is using a network with hubs therefore we receive echo packets on
> the outside interface, that are not meant for our machine. The problem is
> that the box forwards those packets multiple times and so the ISP
> thinks we have a virus or are doing portscans.
> I ran 'tcpdump -p -i rl1| grep echo' and noticed the following:
> we receive one packet:
> 20:50:02.596560 some.address.com > machine.on.our.subnet: icmp: echo request
> [tos 0x80]
> we send 20 packets very fast:
> 20:50:02.596851 our.router.com > machine.on.our.subnet: icmp: echo request
> [tos 0x80]
machine.on.our.subnet isn't your network broadcast address, correct?
This smells like an ICMP-amplification based denial-of-service, and I'd
double-check your internal machines. Have you sniffed your internal net to see
whether the ICMPs are coming from inside (and then being NATed)?
Consider blocking ICMP pings ("add deny icmp from any to any icmptypes 0,8")
until you've figured out what's going on.
--
-Chuck
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
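
An added example, not part of the original message: a Python script that scans tcpdump text output in the format quoted above and reports each echo request that is followed, within a short window, by a burst of echo requests from the router to the same destination. The function names, the window and threshold defaults, and the sample capture are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed capture in the tcpdump text format quoted in the thread:
# one foreign echo request, 20 copies from the router, one unrelated ping.
REQ = "{} > {}: icmp: echo request [tos 0x80]"
SAMPLE = "\n".join(
    ["20:50:02.596560 " + REQ.format("some.address.com", "machine.on.our.subnet")]
    + [f"20:50:02.{596851 + 40 * i:06d} "
       + REQ.format("our.router.com", "machine.on.our.subnet") for i in range(20)]
    + ["20:50:03.100000 " + REQ.format("other.host.example", "other.machine.example")]
)

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\S+) > (\S+): icmp: echo request")

def parse(text):
    """Yield (timestamp, src, dst) for every ICMP echo request line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%H:%M:%S.%f"), m.group(2), m.group(3)

def find_amplification(text, router, window_ms=50, threshold=5):
    """Return (trigger_src, dst, copies) for each non-router echo request that is
    followed within window_ms by at least `threshold` echo requests from
    `router` to the same destination."""
    events = list(parse(text))
    window = timedelta(milliseconds=window_ms)
    findings = []
    for i, (ts, src, dst) in enumerate(events):
        if src == router:
            continue
        copies = 0
        for ts2, src2, dst2 in events[i + 1:]:
            if ts2 - ts > window:
                break
            if src2 == router and dst2 == dst:
                copies += 1
        if copies >= threshold:
            findings.append((src, dst, copies))
    return findings

if __name__ == "__main__":
    for src, dst, n in find_amplification(SAMPLE, "our.router.com"):
        print(f"{src} -> {dst}: router re-sent {n} echo requests")
```

Running the same function over a capture taken on the internal interface shows whether the bursts also appear there, which is the check suggested in the reply.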