Security Incidents: Re: ICMP time exceed in-transit packets

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: ICMP time exceed in-transit packets

From: rquinn () SEC SPRINT NET (Rob Quinn)
Date: Thu, 30 Dec 1999 13:30:44 -0500

22:32:06.344676 210.207.190.33 > sanitized.84.0: icmp: time exceeded in-transit


 You get these back from tracerouting, or when a packet takes too many hops,
usually due to a routing loop. 210.207.190.33 is a cisco.
 An older version of some popular software (Nuke Nabber?) identifies these
packets as an attack, causing us to receive tons of semi-automated compliants
about or backbone routers.

--
| Opinions are _mine_, facts                                     Rob Quinn |
| are facts.                                                 (703)689-6582 |
|                                                    rquinn () sec sprint net |
|                                                Sprint Corporate Security |

By Date By Thread

Current thread:

Re: ICMP time exceed in-transit packets Rob Quinn (Dec 30)
- Re: ICMP time exceed in-transit packets Chris Brenton (Dec 28)
- :8 -> :0 Wittenberg, Daniel (Dec 31)