RE: ICMP Question Please HelpFrom: Andrew Blevins (ABlevins@arrowheadgrp.com)
- Previous message: king: "SMTP alternative"
- Maybe in reply to: Rick Koenig: "ICMP Question Please Help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <234A38B183F6D3119EC80008C708924602F02781@ArrowMail2> From: Andrew Blevins <ABlevins@arrowheadgrp.com> To: 'Rick Koenig' <firstname.lastname@example.org>, "'email@example.com'" <firstname.lastname@example.org> Subject: RE: ICMP Question Please Help Date: Fri, 19 Oct 2001 16:32:33 -0700
ICMP (Internet Control Message Protocol) is just a way for routers to
communicate with each other, and with the hosts they service. Unreachable
means that somewhere down the line (probably on the public side) an IP
packet that went out from your network was going somewhere a router didn't
have a gateway for, and it was killed and sent back with this obituary
message. As for DoS attacks, I don't think so, but I am definitly no expert
on the subject, so who knows? This isn't Nimda though, but it may be some
side effects of it. Anyone else?
Frequently my box running snort on mandrake linux displays the message
"ICMP Unreachable IP short header (1 byte)"
Can anyone please tell me what this message means and if it is a possible
nimdA or DoS attack. Im relatively new to intrusion detection so any help
would be greatly appreciated.
Thanks in advance,
Concordia Universtiy @ Austin