ICMP type 5 code 1
Last response: in Networking
Archived from groups: comp.security.firewalls (More info?)
My firewall log reports an attack on vulnerability ICMP type 5 code 1 with a
LAN internal server as the source. Does anyone know what this is, what
causes it and how to prevent it?
Eirik
My firewall log reports an attack on vulnerability ICMP type 5 code 1 with a
LAN internal server as the source. Does anyone know what this is, what
causes it and how to prevent it?
Eirik
More about : icmp type code
Archived from groups: comp.security.firewalls (More info?)
Eirik wrote:
> My firewall log reports an attack on vulnerability ICMP type 5 code 1 with
> a LAN internal server as the source. Does anyone know what this is, what
> causes it and how to prevent it?
>
> Eirik
Hi,
ICMP Type 5 is a redirect. It makes the sender change his routing table to
use a shorter path. Obviously, this can be abused by an intruder to make a
man in the middle attack (send all your traffic to me), or numorous other
attempts. Therefore, your firewall concideres this to be an attack.
To prevent, block all icmp type 5 packets (what you already do propably).
iptables -A INPUT -p ICMP --icmp-type 5 -j DROP
Alex
Eirik wrote:
> My firewall log reports an attack on vulnerability ICMP type 5 code 1 with
> a LAN internal server as the source. Does anyone know what this is, what
> causes it and how to prevent it?
>
> Eirik
Hi,
ICMP Type 5 is a redirect. It makes the sender change his routing table to
use a shorter path. Obviously, this can be abused by an intruder to make a
man in the middle attack (send all your traffic to me), or numorous other
attempts. Therefore, your firewall concideres this to be an attack.
To prevent, block all icmp type 5 packets (what you already do propably).
iptables -A INPUT -p ICMP --icmp-type 5 -j DROP
Alex
Related ressources:
- ForumICMP Type:5 , Code:5
- ForumICMP Type 3
- ForumOk to let all ICMP traffic through firewall?
- ForumStrange ICMP packets
- ForumSurvive without ICMP ?
- ForumICMP
- ForumKerio 2. 1.5
- ForumICMP 3 & 11 incoming but no outgoing traffic
- ForumHow to Add Outbound ICMP Firewall Rule on Netgear DG834G
- ForumICMP Firewall Rules
- ForumSP 1 with Critical Updates vs. SP2
- ForumRouter locking up? help...
- Forum5 beep code issue
- ForumNew OS = slow Internet?
- ForumI 5 -2400/ASRock Mobo "INVALID CPU TYPE OR SPEED" error
- ForumHow to tell if a firewall alert is suspicious or not
- ForumPulling DHCP from Cable Modem instead of wireless router
- Forum'Code 10' Error
- Forumpower adaptor type
- ForumMN-500 Recovery Micro Code
- More resources
Read discussions in other Networking categories
!
