I appreciate the info as to what ICMP 5 is, but what I really want to know is what causes the redirect? Is this an attempted DOS attack? Is it simply packets that are falling behind and considered stale?
If it is some type of attack should I do something to my gateway to keep it from forwarding redirects? Any information would be helpful. Thanks!

-----Original Message-----
From: Ted Bardusch [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 15, 2002 7:42 PM
To: Reasoner, Bob (PHES); [EMAIL PROTECTED]
Subject: RE: [gb-users] Unusual alarm?

ICMP 5 is redirect - see http://www.iana.org/assignments/icmp-parameters

-----Original Message-----
From: Reasoner, Bob (PHES) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 15, 2002 1:31 PM
To: '[EMAIL PROTECTED]'
Subject: [gb-users] Unusual alarm?

I receive an unusual alarm about once or twice a month that appears to come from my gateway router and my external dns server. The following is an excerpt of the alarm from my Cisco router:

ALARM NO: 1
DATE: Tue 2002-01-15 13:59:55 CST
PRIORITY: 4
INTERFACE: Pro 100 External (fxp0)
INTERFACE TYPE: External
ALARM TYPE: Block
IP PACKET: ICMP [xxx.xxx.xxx.xxx/5]-->[xxx.xxx.xxx.xxx/5] l=32 f=0x0 [phes-inet.hd.co.harris.tx.us/5]-->[ext-212.hd.co.harris.tx.us/5]
DETAILED DESCRIPTION: IP packet was rejected by filter 16.

Filter 16 is the default "Stealth" filter. It is always pointing at an alias which in turn points to a range of devices behind my gb-flash. The one from my external DNS server is the same with the exception of it using port 53 (DNS) translating to some extremely high port number. I'm assuming that these are some type of stale packets, but can't figure out what is causing them. Any suggestions?

Bob Reasoner
Harris County Public Health & Environmental Services
