If you're asking what ICMP types and codes are, you can check it out on our
web page:
http://www.intersec.com/support/qrc-icmp.htm
For protocol 1 (ICMP):
type=0 is echo-reply
type=8 is echo-request
FYI, it might be another one of those annoying "Smart load balancers". Can
you correlate this with some web browsing? If so, I'd bet that this is
the valid IP address that your internal DNS server comes out with on the
internet? I've noticed they target the IP address that the DNS request
comes from and try to use ICMP and a number of tricks via port 53/udp to get
a response they can use to find out how far away you are from each of the
points it can serve data from. Usatoday.com does this and it's quite
annoying to see in my logs every time someone looks at the news.
// Chris
tobkin_at_intersec.com
-----Original Message-----
From: Kevin van Haaren [mailto:kevinv_at_HOCKEY.NET]
Sent: Sunday, December 03, 2000 9:27 AM
To: INCIDENTS_at_SECURITYFOCUS.COM
Subject: strange ICMP traffic?
Perhaps someone can help me understand what's showing up in my logs.
My firewall is showing a number of blocked ICMP packets as shown
below. A machine on an IP address right next to mine doesn't show
this traffic so it appears to be targeted at me (I can't imagine why,
this is just a home network). Since the sending machines are using
Parameter 8, to Parameter 0 on my machine this is a ping response
(echo reply)? Or is it requesting a ping reply from my machine?
[...]
Received on Dec 06 2000
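
The correlation suggested in the reply (blocked ICMP arriving at the resolver's public address right after a DNS lookup) can be checked by script. This is an added example, not part of the original thread; the log line format, the addresses, the host name and the 10-second window are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

ICMP_TYPES = {0: "echo-reply", 8: "echo-request"}  # the two types named in the thread

# Constructed sample log; the line format is an assumption, not a real firewall's.
SAMPLE_LOG = """\
2000-12-03T09:14:02 DNS query=www.example.com resolver=192.0.2.10
2000-12-03T09:14:03 DROP proto=1 src=198.51.100.7 dst=192.0.2.10 type=8 code=0
2000-12-03T09:14:04 DROP proto=1 src=203.0.113.9 dst=192.0.2.10 type=8 code=0
2000-12-03T09:40:00 DROP proto=1 src=198.51.100.50 dst=192.0.2.10 type=8 code=0
2000-12-03T09:41:00 DROP proto=1 src=198.51.100.60 dst=192.0.2.10 type=0 code=0
"""

DNS_RE = re.compile(r"^(\S+) DNS query=(\S+) resolver=(\S+)$")
ICMP_RE = re.compile(r"^(\S+) DROP proto=1 src=(\S+) dst=(\S+) type=(\d+) code=(\d+)$")

def parse(log):
    """Split the log into DNS query events and blocked ICMP events."""
    queries, icmp = [], []
    for line in log.splitlines():
        if m := DNS_RE.match(line):
            queries.append((datetime.fromisoformat(m[1]), m[2], m[3]))
        elif m := ICMP_RE.match(line):
            icmp.append((datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])))
    return queries, icmp

def correlate(log, window_s=10):
    """Label each blocked ICMP packet and attach the DNS query it closely follows."""
    queries, icmp = parse(log)
    window = timedelta(seconds=window_s)
    results = []
    for ts, src, dst, itype in icmp:
        name = ICMP_TYPES.get(itype, f"type-{itype}")
        # Match only packets aimed at the resolver's address shortly after a lookup.
        match = next((q for qts, q, resolver in queries
                      if resolver == dst and timedelta(0) <= ts - qts <= window), None)
        results.append({"src": src, "icmp": name, "after_query": match})
    return results

if __name__ == "__main__":
    for r in correlate(SAMPLE_LOG):
        print(r)
```

Packets with `after_query` set line up with a lookup and fit the load-balancer explanation; those left as `None` arrived with no nearby DNS activity and need a separate look.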