Linux Help
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me

The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.

Go Back   Dev Shed ForumsOperating SystemsLinux Help

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old March 11th, 2002, 10:50 AM
vizeta vizeta is offline
Member
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Jun 2001
Location: Toronto, Canada
Posts: 22 vizeta User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
HELP!! Invalid ICMP error

Dear all,
I've got this error message on my Redhat6.2 "209.3.198.22 sent an invalid ICMP error to a broadcast" then my linux box has been locked up. I can't even login in local. Please let me how can I login again and how can I prevent this attack again.

Reply With Quote
  #2  
Old March 11th, 2002, 11:47 AM
M.Hirsch M.Hirsch is offline
Contributing User
Dev Shed God 1st Plane (5500 - 5999 posts)
 
Join Date: Oct 2000
Location: Back in the real world.
Posts: 5,966 M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level) 
Time spent in forums: 1 Month 2 Days 52 m 24 sec
Reputation Power: 189
Probably it is a kernel bug.
Connect a keyboard and monitor to your box. most likely it is totatlly frozen.
This could be one of the well-known DOS-attacks against the linux tcp-ip stack in older versions.
to prevent it from happening again, you can do two things:
- upgrade your kernel
- setup ipchains/iptables not to allow this type of icmp (if it is not a vital one)

one tip: once you have the keyboard connected to your machine, press alt-print-space and see if you get an answer on one of the consoles.
if yes, you are lucky and probably wonīt lose any data (if you use ext3, you wonīt anyway )
then you can do alt-print-S (SYNC, best twice with 10 seconds in between). then alt-print-U (UMOUNT all Filesystems). then reboot your machine (alt-print-B i think) and go immediately into single-user mode. unless you use only journaling filesystems, you need to force FSCK after this kind of crash!

Manuel
__________________
--
Manuel Hirsch - Linux, FreeBSD, programming, administration articles, tutorials and more.

Reply With Quote
  #3  
Old March 11th, 2002, 02:18 PM
vizeta vizeta is offline
Member
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Jun 2001
Location: Toronto, Canada
Posts: 22 vizeta User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
THANK YOU VERY MUCH M.Hirsch!! I haven't tired it yet, I'll let you know if I need other help. Thanks again.

Reply With Quote
  #4  
Old March 11th, 2002, 02:53 PM
freebsd freebsd is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Jan 2001
Posts: 5 freebsd User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
>> This could be one of the well-known DOS-attacks

That's actually known as smurf attack. In old version of BSDs you can run sysctl and turn that (net.inet.icmp.bmcastecho) off explicitly.

Reply With Quote
  #5  
Old March 11th, 2002, 03:33 PM
M.Hirsch M.Hirsch is offline
Contributing User
Dev Shed God 1st Plane (5500 - 5999 posts)
 
Join Date: Oct 2000
Location: Back in the real world.
Posts: 5,966 M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level) 
Time spent in forums: 1 Month 2 Days 52 m 24 sec
Reputation Power: 189
of course you can do that in linux too... itīs hidden somewhere in the proc-fs, but i cannot tell you right now where exactly (as my linux pc just had a HD-crash)

tnx for the hint anyway.

and iīll look it up as soon as i found the time (and money) to order a new hd...

Reply With Quote
  #6  
Old March 11th, 2002, 04:52 PM
vizeta vizeta is offline
Member
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Jun 2001
Location: Toronto, Canada
Posts: 22 vizeta User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Quote:
Originally posted by freebsd
>> This could be one of the well-known DOS-attacks

That's actually known as smurf attack. In old version of BSDs you can run sysctl and turn that (net.inet.icmp.bmcastecho) off explicitly.


Thanks for you help. But how to use sysctl? could you show me the command line?

Reply With Quote
  #7  
Old March 11th, 2002, 04:56 PM
M.Hirsch M.Hirsch is offline
Contributing User
Dev Shed God 1st Plane (5500 - 5999 posts)
 
Join Date: Oct 2000
Location: Back in the real world.
Posts: 5,966 M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level)M.Hirsch User rank is First Lieutenant (10000 - 20000 Reputation Level) 
Time spent in forums: 1 Month 2 Days 52 m 24 sec
Reputation Power: 189
you asked in a linux forum, are u using linux or freebsd? the kernel-level stuff is quite different!

for linux docs, refer to /usr/src/linux/Documentation/proc-fs.txt (or similar, canīt look it up right now) if you have kernel sources installed.

[edit]
looking at your first post again, you are using linux (redhat)
so the sysctl is of no use for you
the command line for linux is similar to (but not 100% the same since i cannot look up the correct syntax right now):
echo 1 > /proc/sys/net/ipv4/ignore_icmp_broadcasts
[/edit]

Last edited by M.Hirsch : March 11th, 2002 at 05:00 PM.

Reply With Quote
Reply

Viewing: Dev Shed ForumsOperating SystemsLinux Help > HELP!! Invalid ICMP error

Developer Shed Advertisers and Affiliates



Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap