Date: Mon, 19 Feb 2001 14:55:32 +1100
From: Tony Landells <ahl@austclear.com.au>
To: John Indra <john@office.naver.co.id>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: What does "icmp redirect" mean?
Message-ID: <200102190355.OAA02453@tungsten.austclear.com.au>
In-Reply-To: Your message of "Mon, 19 Feb 2001 10:07:23 +0700." <20010219100723.A88821@office.naver.co.id>

> Hi all...
>
> I have this line in my /etc/rc.conf:
> icmp_log_redirect="YES"
>
> One day, I saw this in my daily crontab run message:
> icmp redirect from 1.2.3.4: 2.3.4.5 => 2.3.4.5
>
> What does it mean?

Well, it would probably look more sensible if you put in the real IP
addresses and something of your network topology...

An ICMP redirect is an indication that you sent a packet to the wrong
place, and you could have sent it to the right place.

For example, consider this setup:

                 192.168.1.0/24
  -------------------------------------------
      |                 |                |
     1|                 |100             |200
    -----             -----            -----
     PC               router           router
                      -----            -----
                        |100             |
                        |                |
              --------------           ----- Lots of networks
              192.168.2.0/24

For simplicity, you just set a default route on the PC that points
to 192.168.1.200, which is a router connected to lots of networks,
but not 192.168.2.0/24.

When the PC tries to talk to 192.168.2.5, it realises the address
is not local and sends the packet to the default router. The router
at 192.168.1.200 looks at it, and realises that the best route is
back the way the packet came in, and sends it to 192.168.1.100.

In addition, 192.168.1.200 figures you don't know 192.168.1.100 is
the gateway to 192.168.2.0, so it sends an ICMP redirect which says
"you sent this packet to me, but you should be able to talk to the
correct gateway which is 192.168.1.100".

Basically it's trying to avoid unnecessary handling.

In many cases people prefer to have most systems with just a default
route, which is why you don't even necessarily want to log ICMP redirects.

However, an attacker could inject ICMP redirects into your network to
get you to send traffic somewhere it shouldn't go (like his PC), so
many people like to configure "sensitive" systems to ignore ICMP redirects,
and to have them logged in various places on their network.

Cheers,
Tony
--
Tony Landells <ahl@austclear.com.au>
Senior Network Engineer Ph: +61 3 9677 9319
Australian Clearing Services Pty Ltd Fax: +61 3 9677 9355
Level 4, Rialto North Tower
525 Collins Street
Melbourne VIC 3000
Australia
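
Added example, not part of the original message: a check that reads logged redirect lines in the format quoted in the question and flags the ones that do not fit the topology in the reply. The field reading (sender, original destination, suggested gateway), the router list and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed topology, taken from the diagram in the reply above.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
DEFAULT_GATEWAY = ipaddress.ip_address("192.168.1.200")
KNOWN_ROUTERS = {ipaddress.ip_address("192.168.1.100"), DEFAULT_GATEWAY}

# Line format quoted in the question; fields are read here as
# "from <sender>: <original destination> => <suggested gateway>" (assumption).
LINE_RE = re.compile(r"icmp redirect from (\S+): (\S+) => (\S+)")

def check_redirect(line):
    """Return reasons a logged redirect looks wrong ([] if it fits the
    topology), or None if the line is not a redirect log entry."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        sender, dest, new_gw = (ipaddress.ip_address(x) for x in m.groups())
    except ValueError:
        return ["unparseable address"]
    reasons = []
    # A genuine redirect comes from the gateway the packet was sent to.
    if sender != DEFAULT_GATEWAY:
        reasons.append(f"sender {sender} is not the gateway we route through")
    # The suggested gateway must be directly reachable and a real router.
    if new_gw not in LOCAL_NET:
        reasons.append(f"suggested gateway {new_gw} is not on {LOCAL_NET}")
    elif new_gw not in KNOWN_ROUTERS:
        reasons.append(f"suggested gateway {new_gw} is not a known router")
    # On-link destinations never need a gateway at all.
    if dest in LOCAL_NET:
        reasons.append(f"destination {dest} is on-link and needs no gateway")
    return reasons

def scan(lines):
    """Map each suspicious redirect line to its list of reasons."""
    return {line: r for line in lines if (r := check_redirect(line))}

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    "icmp redirect from 192.168.1.200: 192.168.2.5 => 192.168.1.100",
    "icmp redirect from 192.168.1.77: 192.168.2.5 => 192.168.1.77",
    "icmp redirect from 192.168.1.200: 10.9.8.7 => 172.16.0.9",
    "unrelated kernel message",
]

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_LOG).items():
        print(line, "->", "; ".join(reasons))
```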
