|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
SlickEdit: Code in over 40 languages across 7 platforms. SlickEdit’s unmatched power, speed, and flexibility allows even the most accomplished developers to write better code faster. Download a free trial today! |
|
#1
March 11th, 2002, 10:50 AM
|
|||
|
|||
|
HELP!! Invalid ICMP error
Dear all,
I've got this error message on my Redhat6.2 "209.3.198.22 sent an invalid ICMP error to a broadcast" then my linux box has been locked up. I can't even login in local. Please let me how can I login again and how can I prevent this attack again.
|
|
#2
March 11th, 2002, 11:47 AM
|
|||
|
|||
|
Probably it is a kernel bug.
Connect a keyboard and monitor to your box. most likely it is totatlly frozen. This could be one of the well-known DOS-attacks against the linux tcp-ip stack in older versions. to prevent it from happening again, you can do two things: - upgrade your kernel - setup ipchains/iptables not to allow this type of icmp (if it is not a vital one) one tip: once you have the keyboard connected to your machine, press alt-print-space and see if you get an answer on one of the consoles. if yes, you are lucky and probably won´t lose any data (if you use ext3, you won´t anyway  )then you can do alt-print-S (SYNC, best twice with 10 seconds in between). then alt-print-U (UMOUNT all Filesystems). then reboot your machine (alt-print-B i think) and go immediately into single-user mode. unless you use only journaling filesystems, you need to force FSCK after this kind of crash! Manuel
__________________
-- Manuel Hirsch - Linux, FreeBSD, programming, administration articles, tutorials and more.
|
|
#4
March 11th, 2002, 02:53 PM
|
|||
|
|||
|
>> This could be one of the well-known DOS-attacks
That's actually known as smurf attack. In old version of BSDs you can run sysctl and turn that (net.inet.icmp.bmcastecho) off explicitly.
|
|
#5
March 11th, 2002, 03:33 PM
|
|||
|
|||
|
of course you can do that in linux too...
it´s hidden somewhere in the proc-fs, but i cannot tell you right now where exactly (as my linux pc just had a HD-crash)tnx for the hint anyway. and i´ll look it up as soon as i found the time (and money) to order a new hd...
|
|
#6
March 11th, 2002, 04:52 PM
|
|||
|
|||
|
Quote:
Thanks for you help. But how to use sysctl? could you show me the command line?
|
|
#7
March 11th, 2002, 04:56 PM
|
|||
|
|||
|
you asked in a linux forum, are u using linux or freebsd? the kernel-level stuff is quite different!
for linux docs, refer to /usr/src/linux/Documentation/proc-fs.txt (or similar, can´t look it up right now) if you have kernel sources installed. [edit] looking at your first post again, you are using linux (redhat) so the sysctl is of no use for you  the command line for linux is similar to (but not 100% the same since i cannot look up the correct syntax right now): echo 1 > /proc/sys/net/ipv4/ignore_icmp_broadcasts [/edit] Last edited by M.Hirsch : March 11th, 2002 at 05:00 PM.
|
|
| Viewing: Dev Shed Forums > Operating Systems > Linux Help > HELP!! Invalid ICMP error |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
