Re: Could an ICMP Redirect have disconnected my server?



ljb wrote:
First, my questions, then explanation. Any help would be appreciated.

Does Linux (2.4.x) act on ICMP Redirect packets by default?
If so, can an ICMP Redirect override a static default route?
If so, does a routing table entry from an ICMP Redirect time out?

I have this Linux server that went mostly off-line suddenly today,
disconnecting a number of database users and such. The server is on an
intranet, private static IP address and one default route to an internal
router. (The only odd thing is that there are multiple logical subnets on
the same physical subnet.) When it dropped all those connections, it was
still reachable from, and could still reach, systems with the same subnet
number. Unfortunately, I didn't realize that at the time - I found two
systems that could still reach it, but I didn't make the subnet connection.
So I didn't check the routing table until later. About 90 minutes after it
dropped off, it came back up; nobody did anything to it - it just started
talking to the network normally again.

Trying to figure out what happened, I was wondering if a 'rogue' ICMP
redirect could cause this. Is this possible?

Hi,

From a personal lab experiment I did a few weeks ago, I found out that my Linux box (FC6) did not accept ICMP Redirects by default (my WinXP did, though).

And there is a timeout on routes learned via ICMP Redirect; it is 10 minutes.

From the testing I did in the lab, forging packets, I was only able to send ICMP Redirects for hosts, not complete subnets (but that is from limited experience; maybe it is feasible, but I was not able to). If you prefer, I could only send ICMP Redirects for routes with a /32 mask, a host.

Hope this helps in any way.

PS: If you wanna try to reproduce the problem, try using the Linux Excalibur packet forger. Works well, nice study tool.
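
To settle the "does this box accept ICMP Redirects?" question on a particular Linux host, the following check is an added example, not part of the original posts. It applies the rule from the kernel's ip-sysctl documentation for current kernels: with forwarding off, either the `all` or the per-interface `accept_redirects` flag enables acceptance; with forwarding on, both are required. The function names and the optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether each IPv4 interface will act on ICMP
# Redirects, from the accept_redirects and forwarding sysctls.
# ROOT defaults to /proc/sys; a different root can be passed so the logic
# can be exercised against a constructed directory tree.

# effective_accept ROOT IFACE -> prints 1 (redirects accepted) or 0
effective_accept() {
    ea_conf="$1/net/ipv4/conf"
    ea_all=$(cat "$ea_conf/all/accept_redirects")
    ea_own=$(cat "$ea_conf/$2/accept_redirects")
    ea_fwd=$(cat "$ea_conf/$2/forwarding")
    if [ "$ea_fwd" -ne 0 ]; then
        # Router: both "all" and the interface flag must be set.
        if [ "$ea_all" -ne 0 ] && [ "$ea_own" -ne 0 ]; then echo 1; else echo 0; fi
    else
        # Host: either flag is enough, so clearing only one leaves it on.
        if [ "$ea_all" -ne 0 ] || [ "$ea_own" -ne 0 ]; then echo 1; else echo 0; fi
    fi
}

# report_redirects [ROOT] -> one "iface accepts_redirects=N" line per interface
report_redirects() {
    rr_root=${1:-/proc/sys}
    for rr_dir in "$rr_root"/net/ipv4/conf/*/; do
        [ -d "$rr_dir" ] || continue
        rr_if=$(basename "$rr_dir")
        case $rr_if in
            all|default) continue ;;   # templates, not real interfaces
        esac
        printf '%s accepts_redirects=%s\n' "$rr_if" \
            "$(effective_accept "$rr_root" "$rr_if")"
    done
}

# Run against the live system only when asked: sh script.sh report
if [ "${1:-}" = "report" ]; then
    report_redirects
fi
```

On a host with forwarding disabled, turning acceptance off therefore means setting both `net.ipv4.conf.all.accept_redirects` and the interface's own `accept_redirects` to 0.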