RE: What could this icmp mean?

From: Pablo Moore (pemoore_at_fedex.com)
Date: 02/24/05

    Date: Thu, 24 Feb 2005 16:12:47 -0600
    To: <security-basics@securityfocus.com>
    
    

    It looks like 10.30.1.16 may have a default route to 10.30.1.254 if it
    can't find something. Your next hop from 10.30.0.1 should have been
    10.30.1.1 to get to the 10.30.1.0 subnet.

    I have no idea why you're getting a bad checksum. It could be as simple
    as a faulty cable causing this, or as complex as the two routers
    fighting over half/full duplex mode.

    Also, if you have "do not fragment" turned on, you may be killing your
    VPN connection.

    Just my humble opinion.

    Paul Moore
    Security & Business Continuity
    FedEx Express Corporation

    -----Original Message-----
    From: Tomas [mailto:s.tomas@gmail.com]
    Sent: Tuesday, February 22, 2005 7:11 AM
    To: security-basics@securityfocus.com
    Subject: What could this icmp mean?

    Hello list,

    We have networks (10.30.0.0/24 and 10.30.1.0/24) connected through VPN
    and one internet line. The gateways for VPN are 10.30.0.1 from one side
    and 10.30.1.1 from the other, and 10.30.1.254 for internet (for both
    networks).

    I've launched tcpdump today on my internet firewall's internal interface
    (10.30.1.254) and I found this:

    10.30.1.254 > 10.30.1.16: icmp: redirect 10.30.0.4 to host 10.30.1.1 for
    10.30.1.16.445 > 10.30.0.4.1959: [|tcp] (DF) (ttl 127, id 7691, bad cksum
    c76d! differs by 100) (ttl 255, id 23807)

    I'm a bit confused, what could this icmp mean? First of all, I'm sure
    that none of these hosts (10.30.1.254, 10.30.1.16, 10.30.0.4) are
    sending any icmp requests (I'm not sure about 10.30.1.1; it's not in my
    control). And second of all, why is the checksum bad?
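
An added example, not part of the original thread: a parser for the ICMP redirect in the capture above that re-checks the checksum of the IP header quoted inside it. The packet is constructed from the values tcpdump printed; the total length of 48 and the TCP sequence number are assumptions, and with that length the stored checksum c76d is exactly what the header would carry at TTL 128, one above the quoted TTL of 127.

```python
import socket
import struct

def inet_cksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data (checksum field included as-is)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sample_redirect() -> bytes:
    """Constructed ICMP redirect carrying the values shown in the capture."""
    src, dst, gw = (socket.inet_aton(a) for a in ("10.30.1.16", "10.30.0.4", "10.30.1.1"))
    # From the capture: DF, ttl 127, id 7691, stored cksum c76d, ports 445 > 1959.
    # Assumed (not in the capture): total length 48 and TCP sequence number 0.
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 48, 7691, 0x4000, 127, 6, 0xC76D, src, dst)
    inner += struct.pack("!HHI", 445, 1959, 0)  # first 8 bytes of the TCP header
    body = gw + inner
    # ICMP type 5 = redirect, code 1 = redirect for host
    cksum = inet_cksum(struct.pack("!BBH", 5, 1, 0) + body)
    return struct.pack("!BBH", 5, 1, cksum) + body

def analyze_redirect(icmp: bytes) -> dict:
    """Parse an ICMP redirect and re-check the quoted IP header's checksum."""
    if len(icmp) < 28 or icmp[0] != 5:
        raise ValueError("not an ICMP redirect with a quoted IP header")
    inner = icmp[8:8 + (icmp[8] & 0x0F) * 4]
    ttl, stored = inner[8], struct.unpack("!H", inner[10:12])[0]
    def expected(t: int) -> int:
        # Checksum the quoted header should carry if its TTL were t
        return inet_cksum(inner[:8] + bytes([t]) + inner[9:10] + b"\x00\x00" + inner[12:])
    return {
        "code": icmp[1],
        "gateway": socket.inet_ntoa(icmp[4:8]),
        "src": socket.inet_ntoa(inner[12:16]),
        "dst": socket.inet_ntoa(inner[16:20]),
        "ttl": ttl,
        "stored_cksum": stored,
        "expected_cksum": expected(ttl),
        "differs_by": (expected(ttl) - stored) & 0xFFFF,
        # True when the checksum was valid before the TTL was decremented by one
        "valid_before_ttl_decrement": ttl < 255 and expected(ttl + 1) == stored,
    }

if __name__ == "__main__":
    r = analyze_redirect(build_sample_redirect())
    print({k: f"{v:#06x}" if k.endswith("cksum") else v for k, v in r.items()})
```

TTL is the high byte of a 16-bit header word, so lowering it by one without recomputing the checksum shifts the expected value by 0x100.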

