Archived from groups: comp.security.firewalls
> My firewall log reports an attack on vulnerability ICMP type 5 code 1 with
> a LAN internal server as the source. Does anyone know what this is, what
> causes it and how to prevent it?
ICMP Type 5 is a redirect. It makes the sender change his routing table to
use a shorter path. Obviously, this can be abused by an intruder to make a
man-in-the-middle attack (send all your traffic to me), or numerous other
attempts. Therefore, your firewall considers this to be an attack.
To prevent it, block all ICMP type 5 packets (which you probably already do).
iptables -A INPUT -p ICMP --icmp-type 5 -j DROP
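
For triaging a logged type 5 code 1 event like the one in the question, the following decoder is an added example and not part of the original post. It reads a captured ICMP redirect and reports which gateway the message pushes and whose traffic it affects; the sample message and all addresses in it are constructed.

```python
import ipaddress
import struct

# RFC 792 code values for ICMP type 5 (redirect)
REDIRECT_CODES = {0: "network", 1: "host", 2: "type of service and network",
                  3: "type of service and host"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_redirect(icmp: bytes) -> dict:
    """Decode an ICMP redirect; `icmp` starts at the ICMP header."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for a redirect with an embedded IPv4 header")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 5:
        raise ValueError(f"not a redirect: ICMP type {icmp_type}")
    inner = icmp[8:]  # IPv4 header of the datagram that triggered the redirect
    if inner[0] >> 4 != 4:
        raise ValueError("embedded header is not IPv4")
    addr = lambda raw: str(ipaddress.IPv4Address(raw))
    return {
        "code": code,
        "redirect_for": REDIRECT_CODES.get(code, "unassigned code"),
        "new_gateway": addr(icmp[4:8]),           # router the receiver is told to use
        "redirected_host": addr(inner[12:16]),    # sender of the original datagram
        "destination": addr(inner[16:20]),        # where that datagram was going
        "checksum_ok": inet_checksum(icmp) == 0,  # whole message sums to 0 when intact
    }

def constructed_sample() -> bytes:
    """Constructed type 5 code 1 message; every address here is made up."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                        ipaddress.IPv4Address("192.168.1.10").packed,
                        ipaddress.IPv4Address("10.0.0.5").packed) + bytes(8)
    body = bytes([5, 1, 0, 0]) + ipaddress.IPv4Address("192.168.1.254").packed + inner
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    print(parse_redirect(constructed_sample()))
```

Compare `new_gateway` with the routers you actually operate: a redirect that names anything else, or that comes from a host that should not be routing, is the case worth investigating.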