Hi,
> -----Original Message-----
> From: Melissa [mailto:mlovett_at_WARRIOR.MGC.PEACHNET.EDU]
> Sent: Friday, 2 February 2001 3:38 AM
> To: INCIDENTS_at_SECURITYFOCUS.COM
> Subject: Re: [INCIDENTS] ICMP_TIME_EXCEEDED to network address?
>
> Anyway, I am currently
> researching/solving a similar problem. I have discovered
> that multimedia
> keyboards send constant pings to the following address, at
> least on our
> network, 207.26.131.137. Our sniffer reports the Time
> Exceeded in Transit,
> TTL set to 1.
Next thing you know your watch will be pinging your
car to see if it's awake..
No idea why this might occur. Run it under a
debugger, it may produce some insights.
> Also, I have discovered that pathping, in Windows 2000,
> causes a report of
> Time exceeded in transit, TTL set to 1. If you have a
> sniffer, you can
> watch this. Just pathping any address, even on your network,
> and it will
> report Time to Live Exceeded in Transit, TTL 1.
This would be expected as it uses the time-exceeded
msgs to work out the path to the host. I'd guess it
sends a ping packet to the host with TTL=1 first, then
another with TTL=2 and so on until the host replies,
the icmp packets returned show the path.
ciao
dave
---
Dave Edwards
Justice Technology Division
Ph: +61 8 82265426 || 0408 808355
mailto: edwards.david2_at_saugov.sa.gov.au
Snail : Justice Technology Division
GPO Box 2048, Adelaide 5001
---
The information in this e-mail may be confidential and/or legally
privileged. Use or disclosure by anyone other than the intended
recipient is prohibited and may be unlawful. If you have received
this e-mail in error, please advise me immediately
---
Received on Feb 01 2001
Intro
