HELP!! Invalid ICMP error

Dear all,
I've got this error message on my Redhat6.2 "209.3.198.22 sent an invalid ICMP error to a broadcast" then my linux box has been locked up. I can't even login in local. Please let me how can I login again and how can I prevent this attack again.

Probably it is a kernel bug.
Connect a keyboard and monitor to your box. most likely it is totatlly frozen.
This could be one of the well-known DOS-attacks against the linux tcp-ip stack in older versions.
to prevent it from happening again, you can do two things:
- upgrade your kernel
- setup ipchains/iptables not to allow this type of icmp (if it is not a vital one)

one tip: once you have the keyboard connected to your machine, press alt-print-space and see if you get an answer on one of the consoles.
if yes, you are lucky and probably won´t lose any data (if you use ext3, you won´t anyway )
then you can do alt-print-S (SYNC, best twice with 10 seconds in between). then alt-print-U (UMOUNT all Filesystems). then reboot your machine (alt-print-B i think) and go immediately into single-user mode. unless you use only journaling filesystems, you need to force FSCK after this kind of crash!

Manuel

THANK YOU VERY MUCH M.Hirsch!! I haven't tired it yet, I'll let you know if I need other help. Thanks again.

>> This could be one of the well-known DOS-attacks

That's actually known as smurf attack. In old version of BSDs you can run sysctl and turn that (net.inet.icmp.bmcastecho) off explicitly.

of course you can do that in linux too... it´s hidden somewhere in the proc-fs, but i cannot tell you right now where exactly (as my linux pc just had a HD-crash)

tnx for the hint anyway.

and i´ll look it up as soon as i found the time (and money) to order a new hd...

Thanks for you help. But how to use sysctl? could you show me the command line?

you asked in a linux forum, are u using linux or freebsd? the kernel-level stuff is quite different!

for linux docs, refer to /usr/src/linux/Documentation/proc-fs.txt (or similar, can´t look it up right now) if you have kernel sources installed.

[edit]
looking at your first post again, you are using linux (redhat)
so the sysctl is of no use for you
the command line for linux is similar to (but not 100% the same since i cannot look up the correct syntax right now):
echo 1 > /proc/sys/net/ipv4/ignore_icmp_broadcasts
[/edit]