ICMP TYPE 3

From: gr00vy (groovy2600_at_yahoo.com.ar)
Date: 09/13/03

Next message: Chris Ess: "RE: Cracking a Netscreen password"

Previous message: Alfred Huger: "Results of the vote query"
Next in thread: Kurt Seifried: "Re: ICMP TYPE 3"
Reply: Kurt Seifried: "Re: ICMP TYPE 3"
Maybe reply: Sekurity Wizard: "RE: ICMP TYPE 3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: pentest <pen-test@securityfocus.com>
Date: 13 Sep 2003 01:00:26 -0300

While I was doing some researching work I ping a broadcast ip address
and for my surprise i recieve an extrange response:

FIRST RESPONSE:

Internet Protocol, Src Addr: 200-70-xxx-164.rse.com.ar (200.70.xxx.164),
Dst Addr: 200-70-xxx-121.rse.com.ar (200.70.xxx.121)
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0

SECOND RESPONSE:

Internet Protocol, Src Addr: 172.xxx.230.242 (172.xxx.230.242), Dst
Addr: 200-70-xxx-121.rse.com.ar (200.70.xxx.121)
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 13 (Communication administratively filtered) <<< Weird!

The OS's seems to be (xprobe):

First ROUTER
[+] Host 200.70.xxx.164 Running OS: "HP JetDirect ROM G.07.02 EEPROM
G.07.20" (Guess probability: 87%)

Second ROUTER
[+] Host 172.xxx.230.242 Running OS: "Cisco IOS 12.2" (Guess
probability: 71%)

My question is, what is it? an ACL? why do i get a response of a machine
i did not ping??? maybe it is a extrange behavior from Cisco ios.
This might help to fingerprint Os's who knows ????

Bye

-- 
gr00vy <groovy2600@yahoo.com.ar>
Linux User -- ZenCracking.com.ar
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL 
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment 
technology powered by the award-winning FoundScan engine. Try it free for  21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------

Next message: Chris Ess: "RE: Cracking a Netscreen password"

Previous message: Alfred Huger: "Results of the vote query"
Next in thread: Kurt Seifried: "Re: ICMP TYPE 3"
Reply: Kurt Seifried: "Re: ICMP TYPE 3"
Maybe reply: Sekurity Wizard: "RE: ICMP TYPE 3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Who is to Blame for the Katrina SNAFU?
... >> Mayor Nagin was in charge of the first response, ... >> and it does not seem unreasonable to say that the first response is the ... Our federal response might be slow, ... >> incompetent, corrupt, and Democrats. ...
(alt.politics)
Re: Who is to Blame for the Katrina SNAFU?
... >>Mayor Nagin was in charge of the first response, ... and President ... >>and it does not seem unreasonable to say that the first response is the ... Our federal response might be slow, ...
(alt.politics)
Re: Who is to Blame for the Katrina SNAFU?
... >> Mayor Nagin was in charge of the first response, ... >> Bush is in charge of them. ... >> and it does not seem unreasonable to say that the first response is the ... >If it makes you feel better to blame the local governments to make Bush ...
(alt.politics.bush)
Re: Who is to Blame for the Katrina SNAFU?
... >> Mayor Nagin was in charge of the first response, ... Second responders are state-based, and Democrat ... >> and it does not seem unreasonable to say that the first response is the ... Our federal response might be slow, ...
(alt.politics.bush)
Re: Best way to wait for 5 sec between executing statements?
... >It's 'usual' for serial port components to create a read thread internally. ... In protocol exchanges like this, ... occures while the first response is being processed. ...
(borland.public.delphi.language.objectpascal)