RE: ICMP Question Please Help

From: Andrew Blevins (ABlevins@arrowheadgrp.com)
Date: 10/20/01


Message-ID: <234A38B183F6D3119EC80008C708924602F02781@ArrowMail2>
From: Andrew Blevins <ABlevins@arrowheadgrp.com>
To: 'Rick Koenig' <rk4028@exchange.concordia.edu>, "'security-basics@securityfocus.com'" <security-basics@securityfocus.com>
Subject: RE: ICMP Question Please Help
Date: Fri, 19 Oct 2001 16:32:33 -0700

ICMP (Internet Control Message Protocol) is just a way for routers to
communicate with each other, and with the hosts they service. Unreachable
means that somewhere down the line (probably on the public side) an IP
packet that went out from your network was going somewhere a router didn't
have a gateway for, and it was killed and sent back with this obituary
message. As for DoS attacks, I don't think so, but I am definitely no expert
on the subject, so who knows? This isn't Nimda though, but it may be some
side effects of it. Anyone else?

Andrew Blevins

-----Original Message-----
From: Rick Koenig [mailto:rk4028@exchange.concordia.edu]
Sent: Thursday, October 18, 2001 1:06 PM
To: 'security-basics@securityfocus.com'
Subject: ICMP Question Please Help

Frequently my box running Snort on Mandrake Linux displays the message

"ICMP Unreachable IP short header (1 byte)"

Can anyone please tell me what this message means and if it is a possible
Nimda or DoS attack. I'm relatively new to intrusion detection so any help
would be greatly appreciated.

Thanks in advance,

Rick Koenig
Network Engineer
Concordia University @ Austin
(512)486-1170
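
Added example (not part of either message, and not Snort's code): RFC 792 says a Destination Unreachable message quotes the original packet's IP header plus the first 8 bytes of its data, and the Snort message is read here as that quoted header being shorter than the 20-byte minimum. The function names and the sample packets below are constructed for illustration.

```python
import struct

ICMP_DEST_UNREACH = 3   # ICMP type 3, Destination Unreachable (RFC 792)
MIN_IP_HEADER = 20      # smallest legal IPv4 header, in bytes


def check_unreachable(icmp: bytes) -> str:
    """Classify one ICMP message; `icmp` starts at the ICMP header."""
    if len(icmp) < 8:
        return "truncated ICMP header"
    # type, code, checksum, unused (checksum is not verified in this sketch)
    icmp_type, code, _cksum, _unused = struct.unpack("!BBHI", icmp[:8])
    if icmp_type != ICMP_DEST_UNREACH:
        return "not destination unreachable"
    quoted = icmp[8:]  # the router's copy of the packet it could not deliver
    if len(quoted) < MIN_IP_HEADER:
        return f"short embedded IP header ({len(quoted)} byte(s))"
    version, ihl = quoted[0] >> 4, (quoted[0] & 0x0F) * 4
    if version != 4 or ihl < MIN_IP_HEADER or len(quoted) < ihl:
        return "malformed embedded IP header"
    src = ".".join(map(str, quoted[12:16]))
    dst = ".".join(map(str, quoted[16:20]))
    return f"code {code}: original packet {src} -> {dst}"


def build_ip_header(src, dst, proto=6):
    """Constructed 20-byte IPv4 header (checksum left as zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                       bytes(src), bytes(dst))


# Constructed samples using documentation address ranges.
ICMP_HDR = struct.pack("!BBHI", ICMP_DEST_UNREACH, 1, 0, 0)  # code 1: host unreachable
WELL_FORMED = (ICMP_HDR
               + build_ip_header((192, 0, 2, 10), (198, 51, 100, 7))
               + b"\x04\x00\x00\x50\x00\x00\x00\x00")  # first 8 bytes of TCP
SHORT = ICMP_HDR + b"\x45"  # only 1 byte of the original header was quoted

if __name__ == "__main__":
    print(check_unreachable(WELL_FORMED))
    print(check_unreachable(SHORT))
```

A well-formed unreachable tells you which of your outbound packets was dropped; a short one cannot be matched to any flow, which is why an IDS decoder reports it separately.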