[72] in RedHat Linux List
Re: Should be I concerned about...
daemon@ATHENA.MIT.EDU (Robert Hart)
Sun Oct 20 17:06:44 1996
Date: Mon, 21 Oct 1996 07:05:19 +1000 (EST)
From: Robert Hart <hartr@interweft.com.au>
Reply-To: Robert Hart <iweft@ipax.com.au>
To: redhat-list@redhat.com
In-Reply-To: <Pine.LNX.3.91.961020104258.20512B-100000@washington.patriot.net>
Resent-From: redhat-list@redhat.com
On Sun, 20 Oct 1996, Steve "Stevers!" Coile wrote:

> We frequently get "ICMP: Source Route Failed" and "ICMP: redirect from"
> message in /var/log/messages (i.e. via syslog). Should we be concerned
> about these, and if so, what should we do?

Hmmm

Well, it looks like someone *might* be having a go at your site. Source
routed packets are frequently used in hack attempts to spoof IP numbers.
That is why the default kernel config is to drop these on the floor.

Similarly, "redirect" packets are routing information that advises new
routes - and are used alongside source route packets to establish the
route for spoofing. You should not allow 'redirect' packets into your
site from outside.

If these are appearing from outside your network, I suggest you try and
find out where they are coming from (using tcpdump perhaps) and then get
onto the originating site (the sysadmin is a good place to start). Keep
detailed records - and I would suggest you advise your immediate superior
that you think you *might* be being probed.

Robert Hart iweft@ipax.com.au
Voice: +61 (0)3 9735 3586
InterWeft, 35 Summit Road, Lilydale, Victoria 3140, Australia
IT, data and voice networking Consultancy
Strategic IT business planning
Internet planning, implementation, security and configuration
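
An added example, not part of the original message: a shell audit that checks whether a host still accepts source-routed packets or ICMP redirects, the two behaviours the reply above advises against. It assumes the sysctl layout of current Linux kernels (`/proc/sys/net/ipv4/conf/<iface>/`), not the 1996 kernel under discussion; the function name `audit_icmp_routing` and its directory argument are made up for this example.

```shell
#!/bin/sh
# Audit per-interface IPv4 settings for source-routed packets and ICMP redirects.
# Assumption: modern Linux exposes these as
#   /proc/sys/net/ipv4/conf/<iface>/accept_source_route
#   /proc/sys/net/ipv4/conf/<iface>/accept_redirects
# audit_icmp_routing is a hypothetical helper; its optional argument lets the
# check run against a copy of the tree (for example one collected from another host).

audit_icmp_routing() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    findings=0
    for dir in "$conf_root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        for key in accept_source_route accept_redirects; do
            file="$dir$key"
            [ -r "$file" ] || continue
            value=$(cat "$file")
            # 0 means the kernel drops the packet type for this interface.
            if [ "$value" != "0" ]; then
                echo "WARN $iface: $key=$value (expected 0)"
                findings=$((findings + 1))
            fi
        done
    done
    echo "findings=$findings"
    # Non-zero exit status when any interface accepts either packet type.
    [ "$findings" -eq 0 ]
}

# Run against the live host only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_icmp_routing
fi

# To see where redirects are arriving from (the tcpdump step in the reply),
# a capture filter such as the following shows only ICMP redirect messages:
#   tcpdump -n 'icmp[icmptype] == icmp-redirect'
```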