On Sun, Jan 14, 2001 at 02:50:51PM -0600, slim bones wrote:
> Although that's annoying, it's not going to hurt anything. Whoever's
> doing it can't gain any information from this activity. By itself it's
> not a threat. However, it could be intended as a distraction from other
> activity against your net.

It might also be fallout from someone spoofing your addresses to probe or
DoS the "BAD.GUY.NET.NODE" network.. You might want to capture some of
those packets with a sniffer and decode the payload of the icmp error.
That will give you a clue as to what packet caused the remote end to emit
an icmp 3/1 host unreachable..

> > Jan 5 01:04:46 icmp BAD.GUY.NET.NODE -> my.net.76.19 (3/1), 119 packets
> > Jan 5 01:05:00 icmp BAD.GUY.NET.NODE -> my.net.92.8 (3/1), 1 packet
> > Jan 5 01:05:09 icmp BAD.GUY.NET.NODE -> my.net.185.13 (3/1), 1 packet

--
                        Erik Fichtner; Unix Ronin
                    http://www.obfuscation.org/techs/
"The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself.  Therefore, all progress
depends on the unreasonable." -- George Bernard Shaw

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]