ICMP type 5 code 1

Archived from groups: comp.security.firewalls (More info?)

My firewall log reports an attack on vulnerability ICMP type 5 code 1 with a
LAN internal server as the source. Does anyone know what this is, what
causes it and how to prevent it?

Eirik
1 answer Last reply
More about icmp type code
  1. Archived from groups: comp.security.firewalls (More info?)

    Eirik wrote:

    > My firewall log reports an attack on vulnerability ICMP type 5 code 1 with
    > a LAN internal server as the source. Does anyone know what this is, what
    > causes it and how to prevent it?
    >
    > Eirik
    Hi,

    ICMP Type 5 is a redirect. It makes the sender change his routing table to
    use a shorter path. Obviously, this can be abused by an intruder to make a
    man in the middle attack (send all your traffic to me), or numorous other
    attempts. Therefore, your firewall concideres this to be an attack.
    To prevent, block all icmp type 5 packets (what you already do propably).
    iptables -A INPUT -p ICMP --icmp-type 5 -j DROP

    Alex
Ask a new question

Read More

Firewalls Security Networking