On Saturday 13 September 2003 03.24, Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2003-09-12 05:37:17 +0200:
> > I've got a message in my logfiles that I don't understand.
> > The IP addresses are none that I, to my knowledge, am associated
> > with. Wonder what it is or if it's anything to worry about.
> >
> > odin.swedehost.com kernel log messages:
> > > icmp redirect from 184.108.40.206: 220.127.116.11 =>
> > > 18.104.22.168
> >
> > Checking up on the above IP addresses doesn't ring any bells either.
>
> Looks like your machine was sending traffic to 22.214.171.124,
> and an intermediate host at 126.96.36.199 sent an ICMP redirect
> message telling it to send them to 188.8.131.52 instead. See RFC
> 792.
>
> As for security concerns: any packet might have the source
> address spoofed, and obeying ICMP type 5 messages in a hostile
> environment (like the internet) means you're giving your network
> traffic out for public consumption.

Thx for your answer. In my rc.conf file, I do have

icmp_drop_redirect="YES"
icmp_log_redirect="YES"

but I guess that's not enough. Probably have to block in my firewall.
After reading your reply, I've done some more digging, and this is
what I've found.

<snip>
5  Redirect  [RFC792]

   Codes
      0  Redirect Datagram for the Network (or subnet)
      1  Redirect Datagram for the Host
      2  Redirect Datagram for the Type of Service and Network
      3  Redirect Datagram for the Type of Service and Host
</snip>

/Geir.
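
The redirect format discussed in this thread, as an added example that is not from either poster: a Python decoder for an ICMP type 5 message that validates the checksum, reports the code, gateway and original destination, and applies the RFC 1122 check that the proposed gateway is on the local subnet. The sample packet, the `build_sample` helper and the `local_net` parameter are constructed for illustration.

```python
import ipaddress
import struct

REDIRECT_CODES = {  # RFC 792, ICMP type 5
    0: "Redirect Datagram for the Network (or subnet)",
    1: "Redirect Datagram for the Host",
    2: "Redirect Datagram for the Type of Service and Network",
    3: "Redirect Datagram for the Type of Service and Host",
}

def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); returns 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_redirect(icmp: bytes, local_net: str) -> dict:
    """Decode an ICMP redirect (ICMP message only, outer IP header already removed)."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for redirect header plus embedded IP header")
    msg_type, code = icmp[0], icmp[1]
    if msg_type != 5 or code not in REDIRECT_CODES:
        raise ValueError(f"not a valid redirect: type {msg_type}, code {code}")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    inner = icmp[8:]  # header of the datagram that triggered the redirect
    if inner[0] >> 4 != 4:
        raise ValueError("embedded datagram is not IPv4")
    gateway = ipaddress.IPv4Address(icmp[4:8])
    return {
        "meaning": REDIRECT_CODES[code],
        "gateway": str(gateway),
        "original_dst": str(ipaddress.IPv4Address(inner[16:20])),
        # RFC 1122 3.2.2.2: a host should discard redirects to an off-link gateway
        "gateway_on_link": gateway in ipaddress.ip_network(local_net),
    }

def build_sample(gateway: str) -> bytes:
    """Constructed redirect (code 1) using RFC 5737 documentation addresses."""
    addr = lambda s: ipaddress.IPv4Address(s).packed
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                        addr("192.0.2.10"), addr("203.0.113.7")) + bytes(8)
    body = addr(gateway) + inner
    cksum = inet_checksum(bytes([5, 1, 0, 0]) + body)
    return struct.pack("!BBH", 5, 1, cksum) + body
```

The address of the host that sent the redirect is in the outer IP header, which this decoder does not see; as the thread notes, that source address can be spoofed.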