Date:      Sun, 16 Dec 2001 22:32:19 -0300 (ART)
From:      Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To:        Frederico Costa <frederico.costa@tiscali.no>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Question about IPFW and ICMP:8.0
Message-ID:  <20011216221603.R90119-100000@cactus.fi.uba.ar>
In-Reply-To: <000001c1868f$6c05a880$0301a8c0@maxi>

On Mon, 17 Dec 2001, Frederico Costa wrote:

> Ok, thanks for the prompt reply.
>
> Ok, I found another one, ICMP:11.0.

8:0 is echo request. Some (user|process) is trying to ping the remote
host.

11.0 is time exceeded (ICMP type 11) in transit (code 0). Someone is
running a traceroute(8) against your host.


>
> But are these echo requests normal? And why are they always for the same
> server?

By far, most of the ICMP echo requests are generated by ping. I wouldn't
worry about them. If you want to have a closer look, run tcpdump and
capture those packets.

I'd recommend you go and read Stevens' "TCP/IP Illustrated, vol. 1: The
Protocols". It is one of the best books on TCP/IP.

				Fer

>
> Thanks
>
> Frederico
>
> > -----Original Message-----
> > From: Oliver, Michael W. [mailto:oliver.michael@gargantuan.com]
> > Sent: 17 December 2001 01:10
> > To: 'Frederico Costa'; freebsd-questions@FreeBSD.ORG
> > Subject: RE: Question about IPFW and ICMP:8.0
> >
> >
> > See RFC 792....
> >
> > ICMP 8.0 is an ECHO request, initiated from the source
> > address in your log file.
> >
> > ===========
> > Michael Oliver
> >
> > -----Original Message-----
> > From: Frederico Costa [mailto:frederico.costa@tiscali.no]
> > Sent: Sunday, December 16, 2001 7:04 PM
> > To: freebsd-questions@FreeBSD.ORG
> > Subject: Question about IPFW and ICMP:8.0
> >
> >
> > Hi all ...
> >
> > I have been using FreeBSD for almost 5 years, and lately
> > because of the several attempts to penetrate my system, I
> > have set up ipfw to restrict access from the outside to my network.
> >
> > Everything is working quite well, but I am getting the
> > following log from ipfw several times:
> >
> > server /kernel: ipfw: 65435 Deny ICMP:8.0 213.142.81.223
> > 64.4.13.33 out via tun0
> >
> > I have been able to understand most of the logs, but for this one
> > I just understand that ICMP is trying to send something out
> > to server 64.4.13.33, but it is saying ICMP:8.0. What does that mean?
> >
> > And why should my server initiate a connection without my knowledge?
> >
> > Thanks in advance for any information...
> >
> > Frederico
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >
>
>
>
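
Added example, not part of the original message: a small Python parser for ipfw ICMP log lines of the shape quoted in this thread. It decodes the type.code pair using the names from RFC 792 and counts entries by direction, source and destination, which shows whether the echo requests always go to the same host. The function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# ICMP type and (type, code) names from RFC 792 (subset).
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 5: "redirect",
              8: "echo request", 11: "time exceeded", 12: "parameter problem"}
ICMP_CODES = {(3, 0): "net unreachable", (3, 1): "host unreachable",
              (3, 3): "port unreachable", (11, 0): "TTL exceeded in transit",
              (11, 1): "fragment reassembly time exceeded"}

# Matches the log shape shown in the thread:
#   ipfw: <rule> <action> ICMP:<type>.<code> <src> <dst> <in|out> via <iface>
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) ICMP:(?P<type>\d+)\.(?P<code>\d+) "
    r"(?P<src>\S+)\s+(?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)")

def parse_ipfw_icmp(line):
    """Return a dict for an ipfw ICMP log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "type", "code"):
        rec[key] = int(rec[key])
    name = ICMP_TYPES.get(rec["type"], "unknown type %d" % rec["type"])
    detail = ICMP_CODES.get((rec["type"], rec["code"]))
    rec["meaning"] = "%s (%s)" % (name, detail) if detail else name
    return rec

def summarize(lines):
    """Count ICMP entries by (direction, meaning, source, destination)."""
    counts = Counter()
    for line in lines:
        rec = parse_ipfw_icmp(line)
        if rec:
            counts[(rec["dir"], rec["meaning"], rec["src"], rec["dst"])] += 1
    return counts

# First entry is the line quoted in the thread (rejoined); the rest are constructed.
SAMPLE = [
    "server /kernel: ipfw: 65435 Deny ICMP:8.0 213.142.81.223 64.4.13.33 out via tun0",
    "server /kernel: ipfw: 65435 Deny ICMP:8.0 213.142.81.223 64.4.13.33 out via tun0",
    "server /kernel: ipfw: 65435 Deny ICMP:11.0 192.0.2.7 213.142.81.223 in via tun0",
    "server /kernel: ipfw: 65435 Deny TCP 192.0.2.9:4431 213.142.81.223:23 in via tun0",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```
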





