Re: ICMP TYPE 3

From: Kurt Seifried (bt@seifried.org)
Date: Sun Sep 14 2003 - 00:00:20 EDT


> While I was doing some research work I pinged a broadcast IP address
> and to my surprise I received a strange response:

> Type: 3 (Destination unreachable)
> Code: 13 (Communication administratively filtered) <<< Weird!

Pretty much sums it up. Someone has an ACL or filter that replies with an
ICMP error message (Dest unreachable, reason: Communication administratively
filtered). This could be done in IPTables for example via "--reject-with"
(not sure if it will return that specific error) or in PF on OpenBSD with
"return-icmp" which "causes ICMP messages to be returned for packets which
match the rule. By default this is an ICMP UNREACHABLE message, however
this can be overridden by specifying a message as a code or number.". I'm
sure others like IOS/etc can also do it.

My bet: someone has a gateway firewall that blocks ICMP traffic (and
possibly others) to broadcast addresses on their network and is polite
enough to send a response message saying so. Which is the right thing to do
in my opinion.

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/



