craig@NNSC.NSF.NET (Craig Partridge) (01/01/88)
Hi folks,
A curiousity here. Looking at one of the CSNET machines,
I discovered that out of 170,000 IP packets received, 20,000 were
ICMP messages with type code #7. Type code #7 isn't listed in RFC-792.
Am I remiss in my reading? Should I not be worried about this rogue
ICMP message type which consumes over 10% of our packet processing?
Thanks,
CraigMills@UDEL.EDU (01/01/88)
Craig, I can't even find code #7 in GGP, from which ICMP was divorced some years ago. Are you sure the Type and Code fields are not swabbed? Also, who is sending those drat things? Gather up all the packets you see during the coming leap second and send them back there encapsulated in source-quench messages. Dave
robb@PARK-STREET.BBN.COM (robb) (01/02/88)
Craig,
Could I bother you for a little more information? You say
"Looking at one of the CSNET machines, I discovered that out of 170,000
IP packets received, ... "
By CSNET machine, you mean host, rather than gateway, right?
How recently did you notice this occurrence and can you give a historical
perspective to this problem (not noticed/not looked for a week/month ago)?
Is it possible to find out where some of these ICMP messages are coming
from and what the contents of some of these messages might be?
I ask these questions because I want to see if it is, perhaps,
our gateways that are, say, sending out an incorrect ICMP message in
response to some problem (ttl expire, redirect, whatever).
Thank you.
robb.