RE: ICMP TYPE 3

From: R. DuFresne (dufresne@sysinfo.com)
Date: Mon Sep 15 2003 - 14:13:20 EDT

• Next message: Mark Evans: "RE: Cracking a Netscreen password"
• Previous message: Peter Parker: "Verification of system binaries"
• In reply to: Sekurity Wizard: "RE: ICMP TYPE 3"
• Next in thread: Byron Copeland: "RE: ICMP TYPE 3"
• Reply: Byron Copeland: "RE: ICMP TYPE 3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

And this is a good thing, as being able to ping the broadcast address can
create a ping storm. There are still many sites that are not setup to
prevent this and used as tools to ping flood others.

Thanks,

Ron DuFresne

On Sun, 14 Sep 2003, Sekurity Wizard wrote:

> That's your default route....it's telling you that you can't do what
> you're trying to do.
>
> -----Original Message-----
> From: gr00vy [mailto:groovy2600@yahoo.com.ar]
> Sent: Saturday, September 13, 2003 12:00 AM
> To: pentest
> Subject: ICMP TYPE 3
>
>
> While I was doing some researching work I ping a broadcast ip address
> and for my surprise i recieve an extrange response:
>
> FIRST RESPONSE:
>
> Internet Protocol, Src Addr: 200-70-xxx-164.rse.com.ar (200.70.xxx.164),
> Dst Addr: 200-70-xxx-121.rse.com.ar (200.70.xxx.121) Internet Control
> Message Protocol
> Type: 0 (Echo (ping) reply)
> Code: 0
>
> SECOND RESPONSE:
>
> Internet Protocol, Src Addr: 172.xxx.230.242 (172.xxx.230.242), Dst
> Addr: 200-70-xxx-121.rse.com.ar (200.70.xxx.121)
> Internet Control Message Protocol
> Type: 3 (Destination unreachable)
> Code: 13 (Communication administratively filtered) <<< Weird!
>
> The OS's seems to be (xprobe):
>
> First ROUTER
> [+] Host 200.70.xxx.164 Running OS: "HP JetDirect ROM G.07.02 EEPROM
> G.07.20" (Guess probability: 87%)
>
> Second ROUTER
> [+] Host 172.xxx.230.242 Running OS: "Cisco IOS 12.2" (Guess
> probability: 71%)
>
>
> My question is, what is it? an ACL? why do i get a response of a machine
> i did not ping??? maybe it is a extrange behavior from Cisco ios. This
> might help to fingerprint Os's who knows ????
>
> Bye
>

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL 
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment 
technology powered by the award-winning FoundScan engine. Try it free for  21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------

• Next message: Mark Evans: "RE: Cracking a Netscreen password"
• Previous message: Peter Parker: "Verification of system binaries"
• In reply to: Sekurity Wizard: "RE: ICMP TYPE 3"
• Next in thread: Byron Copeland: "RE: ICMP TYPE 3"
• Reply: Byron Copeland: "RE: ICMP TYPE 3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:40 EDT