Re: [FUG-BR] ICMP messages [OFF]
Ademir Costa Peixoto wrote:
Dear all, when I run tcpdump -n icmp I get the output below. What could it be? A virus? DoS attacks?

They look like some packets from a traceroute.

--
Giovanni P. Tirloni
http://blog.tirloni.org
___
Freebsd mailing list
Freebsd@fug.com.br
http://mail.fug.com.br/mailman/listinfo/freebsd_fug.com.br
Re: [FUG-BR] ICMP messages
On Linux, it could be related to the conntrack size, and any ping request would return time exceeded.

--- reply ---
From: [EMAIL PROTECTED]
To: Freebsd@fug.com.br
Subject: [FUG-BR] ICMP messages
Date: 2006-02-02 09:50:17
--
Dear all, when I run tcpdump -n icmp I get the output below. What could it be? A virus? DoS attacks?

09:43:10.608708 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:10.696727 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:10.749282 IP 200.216.137.219 192.168.0.17: icmp 36: host 200.149.71 96 unreachable
09:43:10.905689 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:11.675079 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:11.738560 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:12.077517 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:12.652459 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:12.899489 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:13.175427 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:13.224105 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:13.944224 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:14.185717 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:14.236215 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:15.147459 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:15.809940 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:16.087897 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:16.124814 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:17.021756 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:17.095507 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:17.208730 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:18.263573 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:18.303561 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:18.381342 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:19.350405 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:19.471750 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:20.667038 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:20.667258 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:21.667827 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:22.707457 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:23.808854 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:24.215019 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 42254 unreachable
09:43:24.217813 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54498 unreachable
09:43:24.225201 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54499 unreachable
09:43:24.239339 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54500 unreachable
09:43:24.241174 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54501 unreachable
09:43:24.446637 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 42254 unreachable
09:43:24.457354 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54498 unreachable
09:43:24.463430 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54500 unreachable
09:43:24.469541 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54501 unreachable
09:43:24.625433 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 42254 unreachable
09:43:24.627102 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54498 unreachable
09:43:24.631124 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54499 unreachable
09:43:24.635713 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54500 unreachable
09:43:24.644409 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54501 unreachable
09:43:24.664237 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54709 unreachable
09:43:24.664649 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54710 unreachable
09:43:24.665026 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54711 unreachable
09:43:24.665439 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54712 unreachable
09:43:24.670950 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54713 unreachable
09:43:24.674424 IP
Re: [FUG-BR] ICMP messages
When I run tcpdump -n icmp I get the output below. What could it be? A virus? DoS attacks?
[...]
09:43:10.608708 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:10.696727 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:10.749282 IP 200.216.137.219 192.168.0.17: icmp 36: host 200.149.71 96 unreachable

It could be either a routing problem (TTL, Time-To-Live, above the allowed limit, generally 255 hops) or virus-infected machines trying to attack another network (the message would be about machines that are not active, since viruses sweep the whole network without distinction).

--
Regards,
Helio Alexandre Lopes Loureiro
[helio at loureiro dot eng dot br]
http://helio.loureiro.eng.br

Unix _is_ user friendly. It's just selective about who its friends are. Marco Molteni.
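Added example, not part of any poster's message: one way to triage a capture like the one in this thread is to group the ICMP errors by the internal host that received them, because an ICMP error is sent back to the source of the packet that triggered it. The function names are assumptions; the sample lines are copied from the capture posted above.

```python
import re
from collections import defaultdict

# Lines copied from the capture posted in the thread. tcpdump prints "src > dst";
# the archived copy lacks the ">", so the pattern below accepts both forms.
SAMPLE = """\
09:43:10.608708 IP 200.254.103.29 192.168.0.17: icmp 36: time exceeded in-transit
09:43:10.696727 IP 200.254.103.29 192.168.0.16: icmp 36: time exceeded in-transit
09:43:10.749282 IP 200.216.137.219 192.168.0.17: icmp 36: host 200.149.71 96 unreachable
09:43:24.215019 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 42254 unreachable
09:43:24.217813 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 54498 unreachable
09:43:24.446637 IP 201.8.227.182 192.168.0.15: icmp 36: 201.8.227.182 udp port 42254 unreachable
"""

LINE = re.compile(r"^(\S+) IP (\S+) (?:> )?(\S+): icmp \d+: (.*)$")
PORT = re.compile(r"udp port (\d+) unreachable")

def classify(msg):
    """Map tcpdump's ICMP description to a coarse error kind."""
    if msg.startswith("time exceeded"):
        return "time-exceeded"
    if PORT.search(msg):
        return "port-unreachable"
    if msg.startswith("host ") and msg.endswith("unreachable"):
        return "host-unreachable"
    return "other"

def summarize(text):
    """Group ICMP errors by the local host they were delivered to."""
    out = defaultdict(lambda: {"kinds": defaultdict(int),
                               "reporters": set(), "udp_ports": set()})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # truncated record or non-ICMP line
        _, reporter, local, msg = m.groups()
        entry = out[local]
        entry["kinds"][classify(msg)] += 1   # how many errors of each kind
        entry["reporters"].add(reporter)     # who sent the error back
        port = PORT.search(msg)
        if port:
            entry["udp_ports"].add(int(port.group(1)))
    return out

if __name__ == "__main__":
    for host, e in sorted(summarize(SAMPLE).items()):
        print(host, dict(e["kinds"]), sorted(e["reporters"]), sorted(e["udp_ports"]))
```

The per-host summary shows which internal machines to inspect first and whether the errors come from a single reporter or from many.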