Mailing List Archive

[nsp] ICMP 3/1
Hi,

From the firewall I am getting such message:
-------
%PIX-4-313003: Invalid destination for ICMP error message:
ICMP source 10.5.2.12 destination 192.168.247.208 (type 3, code 1) on outside interface.
Original IP payload: TCP source 10.5.2.12/3128 destination 10.5.24.57/2358.
-------

I understand that 10.5.2.12 is trying to reach 10.5.24.57 but cannot, the host is unreachable (altough, the real IP of this host is reachable from my network and MAE looking glass). Then an ICMP 3/1 is sent.

The ICMP packet should be sent from a router to 10.5.2.12 if 10.5.2.12 and 10.5.24.57 are not directly connected.

Then this ICMP packet should have an IP_Source = = router and IP_Destination = =10.5.2.12. It is not the case and this create an warning message on the firewall.

Now from the log of the firewall it appears that the ICMP packet is generated by 10.5.2.12 to a host (192.168.247.208 ) of my network where this two are not from the same AS number.

So how it comes and I receive such ICMP packet ?

Any comments are more than welcome.

Regards,

Christophe
------------------------------------------

Faites un voeu et puis Voila ! www.voila.fr