Sign in with
Sign up | Sign in
Your question

ICMP type 5 code 1

Last response: in Networking
Share
Anonymous
a b 8 Security
April 21, 2004 3:30:52 PM

Archived from groups: comp.security.firewalls (More info?)

My firewall log reports an attack on vulnerability ICMP type 5 code 1 with a
LAN internal server as the source. Does anyone know what this is, what
causes it and how to prevent it?

Eirik

More about : icmp type code

Anonymous
a b 8 Security
April 21, 2004 4:36:46 PM

Archived from groups: comp.security.firewalls (More info?)

Eirik wrote:

> My firewall log reports an attack on vulnerability ICMP type 5 code 1 with
> a LAN internal server as the source. Does anyone know what this is, what
> causes it and how to prevent it?
>
> Eirik
Hi,

ICMP Type 5 is a redirect. It makes the sender change his routing table to
use a shorter path. Obviously, this can be abused by an intruder to make a
man in the middle attack (send all your traffic to me), or numorous other
attempts. Therefore, your firewall concideres this to be an attack.
To prevent, block all icmp type 5 packets (what you already do propably).
iptables -A INPUT -p ICMP --icmp-type 5 -j DROP

Alex
!