Archived from groups: microsoft.public.windowsnt.protocol.tcpip (
More info?)
Eirik <bla@bla.bla> wrote:
> My firewall log reports an attack on vulnerability ICMP type 5 code 1
> with a LAN internal server as the source. Does anyone know what this
> is, what causes it and how to prevent it?
>
See
http://www.iana.org/assignments/icmp-parameters
Type Name Reference
---- ------------------------- ---------
[...]
5 Redirect [RFC792]
Codes
0 Redirect Datagram for the Network (or subnet)
1 Redirect Datagram for the Host
2 Redirect Datagram for the Type of Service and Network
3 Redirect Datagram for the Type of Service and Host
[...]
On many networks this traffic is to be expected. See e.g.
http://support.microsoft.com/?kbid=195686 So whether this is attack or not
depends on the circumstances...
Have you got two routers on the LAN to which the firewall is attached? Is
the "LAN internal server" you refer to, one of them?
--
Alan J. McFarlane
http://homepage.ntlworld.com/alanjmcf/
Please follow-up in the newsgroup for the benefit of all.