RE: What could this icmp mean?
From: Andrew Shore (andrew.shore_at_holistecs.com)
Date: 02/24/05
- Previous message: Andrew Shore: "RE: Help me"
- Maybe in reply to: Tomas: "What could this icmp mean?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 24 Feb 2005 22:51:58 -0000 To: "Tomas" <s.tomas@gmail.com>, <security-basics@securityfocus.com>
These are ICMP redirect packets.
Your default route is not the best to the desired network so the router
is telling the client to use a different router.
Its to reduce the traffic on the network.
HTH
-----Original Message-----
From: Tomas [mailto:s.tomas@gmail.com]
Sent: 22 February 2005 13:11
To: security-basics@securityfocus.com
Subject: What could this icmp mean?
Hello list,
We have networks (10.30.0.0/24 and 10.30.1.0/24) connected trough VPN
and
one internet line. The gateways for VPN are 10.30.0.1 from one side and
10.30.1.1 from the other, and 10.30.1.254 for internet (for both
networks).
I've launched tcpdump today on my internet firewall's internal interface
(10.30.1.254) and I found this:
10.30.1.254 > 10.30.1.16: icmp: redirect 10.30.0.4 to host 10.30.1.1 for
10.30.1.16.445 > 10.30.0.4.1959: [|tcp] (DF) (ttl 127, id 7691, bad
cksum
c76d! differs by 100) (ttl 255, id 23807)
I'm a bit confused, what could this icmp mean? First of all, I'm sure
that
neither of these hosts (10.30.1.254, 10.30.1.16, 10.30.0.4) are sending
any
icmp requests (I'm not sure about 10.30.1.1; it's not in my control).
And
the second of all, why the checksum is bad?
- Previous message: Andrew Shore: "RE: Help me"
- Maybe in reply to: Tomas: "What could this icmp mean?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
