x.x.x.x sent an invalid ICMP type 11, code 0 error to a broadcast

| | Comments (1)

Linux console shows something like "x.x.x.x sent an invalid ICMP type 11, code 0 error to a broadcast ..."
What's the problem?
Let's see kernel source net/ipv4/icmp.c

if (!sysctl_icmp_ignore_bogus_error_responses)
{
 if (inet_addr_type(iph->daddr) == RTN_BROADCAST)
 {
  if (net_ratelimit())
  printk(KERN_WARNING "%u.%u.%u.%u sent an invalid ICMP type %u, code %u error to a broadcast: %u.%u.%u.%u on %s\n
  NIPQUAD(skb->nh.iph->saddr),
  icmph->type, icmph->code,
  NIPQUAD(iph->daddr),
  skb->dev->name);
  goto out;
 }
}

It is because recieve ICMP bogus response,
to ignore this, add net.ipv4.icmp_ignore_bogus_error_responses=1 to /etc/sysctl.conf

1 Comments

Hi,

I know this post is old but...

How I could be sure this is a ICMP bogus response instead of malformed packet or attack?

Thanks

Leave a comment

凱莉手工坊

凱莉手工坊

July 2009

Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31  

About this Entry

This page contains a single entry by Pank published on January 10, 2005 4:50 PM.

Local Root Exploit in Linux 2.4 and 2.6 was the previous entry in this blog.

grid.org is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.