Security Incidents mailing list archives

Re: ICMP code 3 type 2 scans?

From: Russell Fulton <r.fulton () auckland ac nz>
Date: Tue, 5 Jun 2001 12:49:10 +1200 (NZST)


On Mon, 4 Jun 2001 09:48:40 -0500 (CDT) Glenn Forbes Fleming Larratt 
<glratt () io com> wrote:

Never seen these before this week, and now have two in rapid succession.
New exploit? I *know* that my whole Class B is not banging on that
one 24-net host, especially the unallocated subnets :|


Hmmm... given the random nature or the destination addresses I would 
guess that this is the fall out from at DoS of some type where someone 
is forging your address on DoS packets. I regularly see traffic like 
this but usually code 0, 1 or 3 rather than 2.


Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

Current thread:

ICMP code 3 type 2 scans? Glenn Forbes Fleming Larratt (Jun 04)
- Re: ICMP code 3 type 2 scans? Russell Fulton (Jun 05)
- <Possible follow-ups>
- RE: ICMP code 3 type 2 scans? john . smith (Jun 05)