Re: [FUG-BR] ICMP messages [OFF]

2006-02-02 Thread Giovanni P. Tirloni
Ademir Costa Peixoto wrote:
 Dear all,
 
 When I use tcpdump -n icmp I get the output below. What could it
 be?
 A virus? DoS attacks?

  They look like some packets from a traceroute.

-- 
Giovanni P. Tirloni
http://blog.tirloni.org


___
Freebsd mailing list
Freebsd@fug.com.br
http://mail.fug.com.br/mailman/listinfo/freebsd_fug.com.br


Re: [FUG-BR] ICMP messages

2006-02-02 Thread Vinicius Zavam
on Linux,
it could be related to the conntrack size
and any ping request would return time exceeded




--- reply ---
 From: [EMAIL PROTECTED]
 To: Freebsd@fug.com.br
 Subject: [FUG-BR] Mensagens de ICMP
 Date: 2006-02-02 09:50:17
 --
 Dear all,
 
 When I use tcpdump -n icmp I get the output below. What could it
 be?
 A virus? DoS attacks?
 
 09:43:10.608708 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:10.696727 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:10.749282 IP 200.216.137.219  192.168.0.17: icmp 36: host 200.149.71
 96 unreachable
 09:43:10.905689 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:11.675079 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:11.738560 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:12.077517 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:12.652459 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:12.899489 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:13.175427 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:13.224105 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:13.944224 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:14.185717 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:14.236215 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:15.147459 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:15.809940 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:16.087897 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:16.124814 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:17.021756 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:17.095507 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:17.208730 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:18.263573 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:18.303561 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:18.381342 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:19.350405 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:19.471750 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:20.667038 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:20.667258 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:21.667827 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:22.707457 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:23.808854 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:24.215019 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 42254 unreachable
 09:43:24.217813 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54498 unreachable
 09:43:24.225201 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54499 unreachable
 09:43:24.239339 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54500 unreachable
 09:43:24.241174 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54501 unreachable
 09:43:24.446637 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 42254 unreachable
 09:43:24.457354 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54498 unreachable
 09:43:24.463430 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54500 unreachable
 09:43:24.469541 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54501 unreachable
 09:43:24.625433 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 42254 unreachable
 09:43:24.627102 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54498 unreachable
 09:43:24.631124 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54499 unreachable
 09:43:24.635713 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54500 unreachable
 09:43:24.644409 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54501 unreachable
 09:43:24.664237 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54709 unreachable
 09:43:24.664649 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54710 unreachable
 09:43:24.665026 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54711 unreachable
 09:43:24.665439 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54712 unreachable
 09:43:24.670950 IP 201.8.227.182  192.168.0.15: icmp 36: 201.8.227.182 udp
 port 54713 unreachable
 09:43:24.674424 IP 

Re: [FUG-BR] ICMP messages

2006-02-02 Thread Helio Loureiro

 When I use tcpdump -n icmp I get the output below. What could it
 be?
 A virus? DoS attacks?
 
[...]
 
 09:43:10.608708 IP 200.254.103.29  192.168.0.17: icmp 36: time exceeded
 in-transit
 09:43:10.696727 IP 200.254.103.29  192.168.0.16: icmp 36: time exceeded
 in-transit
 09:43:10.749282 IP 200.216.137.219  192.168.0.17: icmp 36: host 200.149.71
 96 unreachable


It could be either a routing problem (TTL, Time-To-Live, above the
permitted limit, generally 255 hops) or virus-infected machines trying to
attack another network (the message would be from machines that are not
active, since viruses scan the entire network indiscriminately).

-- 
[]'s
+--+---+
|  Helio Alexandre Lopes Loureiro  | Unix _is_ user friendly. It's |
|[helio arroba loureiro pto eng pto br]| just selective about who its  |
|   http://helio.loureiro.eng.br   | friends are.  Marco Molteni.  |
+--+---+
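
One way to tally output like the capture quoted in this thread, as an added example that is not part of any poster's message: it groups each ICMP error by the internal host that received it and by error type, which shows whose outbound traffic is triggering the errors and how many distinct targets are involved. The sample lines are constructed, and the names `classify` and `summarize` are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample (documentation and RFC 1918 addresses, not the poster's capture).
SAMPLE = """\
09:43:10.608708 IP 198.51.100.29 > 192.168.0.17: icmp 36: time exceeded in-transit
09:43:10.749282 IP 203.0.113.219 > 192.168.0.17: icmp 36: host 192.0.2.96 unreachable
09:43:11.675079 IP 198.51.100.29 > 192.168.0.17: icmp 36: time exceeded in-transit
09:43:24.215019 IP 203.0.113.182 > 192.168.0.15: icmp 36: 203.0.113.182 udp port 42254 unreachable
09:43:24.217813 IP 203.0.113.182 > 192.168.0.15: icmp 36: 203.0.113.182 udp port 54498 unreachable
09:43:24.446637 IP 203.0.113.182 > 192.168.0.15: icmp 36: 203.0.113.182 udp port 42254 unreachable
09:43:24.674424 IP
"""

# '>' is optional so lines copied from archives that strip it still parse.
LINE = re.compile(r"^\S+ IP (?P<reporter>[\d.]+) >? *(?P<host>[\d.]+): icmp \d+: (?P<msg>.+)$")
UNREACH = re.compile(r"^(?:host )?(?P<target>[\d.]+)(?: (?:udp|tcp) port (?P<port>\d+))? unreachable$")

def classify(msg):
    """Return (kind, target) for the ICMP error text tcpdump printed."""
    if msg.startswith("time exceeded"):
        return "time-exceeded", None
    m = UNREACH.match(msg)
    if m is None:
        return "other", None
    if m["port"]:
        return "port-unreachable", f"{m['target']}:{m['port']}"
    return "host-unreachable", m["target"]

def summarize(text):
    """Group ICMP errors by (receiving host, kind); count lines that do not parse."""
    summary = defaultdict(lambda: {"count": 0, "reporters": set(), "targets": set()})
    skipped = 0
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m is None:
            skipped += 1  # e.g. a line cut off mid-capture
            continue
        kind, target = classify(m["msg"])
        entry = summary[(m["host"], kind)]
        entry["count"] += 1
        entry["reporters"].add(m["reporter"])
        if target:
            entry["targets"].add(target)
    return dict(summary), skipped

if __name__ == "__main__":
    for key, entry in sorted(summarize(SAMPLE)[0].items()):
        print(key, entry["count"], sorted(entry["reporters"]), sorted(entry["targets"]))
```

A host whose `targets` set keeps growing across many different unreachable addresses is the one to inspect first; the same router repeating `time-exceeded` to one host points at that host's own low-TTL or looping traffic.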

