[clug] Dropped icmp packets - means what?

Sam Couter sam at couter.dropbear.id.au
Mon Aug 25 17:54:26 EST 2003


Felix Karpfen <felixk at webone.com.au> wrote:
> e) these latest pings use the icmp protocol, all are sent from port 8
>    and all are directed at port 0.
> 
> And I understand _none_ of the information contained in e).

ICMP is a control protocol. It's used by computers to signal funny stuff
like "nobody listening on that port!", amongst other things. ICMP type 8
(not port 8) is ECHO_REQUEST. It means "Please send me an ECHO_REPLY
packet", which is just another ICMP packet type.

The port 0 bit is really an ICMP code. That field is sometimes used as a
subtype field for ICMP messages. ICMP ECHO doesn't have any use for it.

> Once a week (on Saturdays), for my edification and entertainment, I run
> a reverse DNS lookup on all the uninvited visitors whose pings have got
> dropped.  While the full output of the last lookup would lead to an even
> longer attachment, I am forwarding a fraction of the messages sent to
> the console during the latest reverse DNS - just to give flavour to my
> puzzlement.

Ignore them. This is the action of a worm that only affects Win32
systems (I think it's called Nachi). If your system isn't Win32, or if
it's patched, you don't need to worry. The ICMP packets will come from
infected Win32 systems all over the 'net.
-- 
Sam "Eddie" Couter  |  mailto:sam at couter.dropbear.id.au
Debian Developer    |  mailto:eddie at debian.org
                    |  jabber:sam at teknohaus.dyndns.org
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
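
The type/code distinction explained in the reply above, as an added example that is not part of the original post: a small decoder for the ICMP header (RFC 792) showing that the values a firewall log labels "port 8" and "port 0" are the type and code bytes. The function names and the sample messages are constructed for illustration.

```python
import struct

# Subset of ICMP types; codes act as a subtype only for some types (e.g. type 3).
ICMP_TYPES = {0: "ECHO_REPLY", 3: "DEST_UNREACHABLE", 8: "ECHO_REQUEST"}
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes) -> bytes:
    """Build a constructed ICMP message; 'rest' is everything after the checksum."""
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + rest)
    return struct.pack("!BBH", icmp_type, code, csum) + rest

def describe_icmp(msg: bytes) -> dict:
    """Decode the 8-byte ICMP header. There are no port fields anywhere in it."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code = msg[0], msg[1]
    info = {"type": icmp_type, "code": code,
            "name": ICMP_TYPES.get(icmp_type, "UNKNOWN"),
            # A valid message checksums to zero when the checksum field is included.
            "checksum_ok": inet_checksum(msg) == 0}
    if icmp_type == 3:
        # Here the code is a subtype: 3 is "nobody listening on that port".
        info["detail"] = UNREACH_CODES.get(code, "other")
    elif icmp_type in (0, 8):
        # Echo messages carry an identifier and sequence number; the code is unused.
        info["id"], info["seq"] = struct.unpack("!HH", msg[4:8])
        info["detail"] = "code unused" if code == 0 else "unexpected nonzero code"
    return info

# Constructed samples: an echo request, and a port-unreachable with a dummy body.
PING = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1) + b"constructed payload")
UNREACH = build_icmp(3, 3, b"\x00" * 4 + b"\x45" + b"\x00" * 27)

if __name__ == "__main__":
    for sample in (PING, UNREACH):
        print(describe_icmp(sample))
```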