[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: ICMP Class 9; Code 0 in FW-1 Logs??
From:       Chris Lonvick <clonvick () cisco ! com>
Date:       1997-02-01 0:08:29
[Download RAW message or body]

Hi Mark,

Slap a sniffer on the wire and see if it's ICMP Type 9 Code 0.
This is described in RFC-1256 as the ICMP Router Discovery Message.
If so, then you have a router out there sending IRDP advertisements.
It was intended to provide hosts with the IP addresses of their
neighboring routers.  This is a good idea for dropping a host into
a network and getting it to work right away.  

This is a bad idea for a firewall - which is why yours is ignoring it.

Hope this helps,

Chris Lonvick
Cisco Systems
Consulting Engineering
Houston, TX, USA
+1-713-778-5663

At 07:31 PM 1/31/97 -0700, Mark Thompson wrote:
>We're getting some logging that we can't explain in our FW-1 2.1 (solaris)
>logs which I was hoping somebody out there might be able to help us
>with:
>
>ICMP class 9 rejected; 
>ICMP code 0 rejected
>
>Does anybody have any idea what these classes and codes mean.  Are
>these FW-1'isms, or are they actually part of the ICMP spec?  We had an
>idea that they might be related to RIP traffic, but have (as of yet) been
>unable to find proof.
>
>Thanks much,
>
>Mark.
>
>Mark Thompson
>Manager of Network Services
>The University of Lethbridge
>Lethbridge, AB Canada
>
>thommd@cetus.mngt.uleth.ca
>(403) 329-2689
>
>

[prev in list] [next in list] [prev in thread] [next in thread]