RE: ICMP TYPE 3

From: Sekurity Wizard (s.wizard@boundariez.com)
Date: Sun Sep 14 2003 - 00:35:19 EDT

• Next message: Pera Mis: "Inquiry: packet crafting tools for encapsulated protocols?"
• Previous message: Steve Goldsby (ICS): "RE: Cracking a Netscreen password"
• Maybe in reply to: gr00vy: "ICMP TYPE 3"
• Next in thread: R. DuFresne: "RE: ICMP TYPE 3"
• Reply: R. DuFresne: "RE: ICMP TYPE 3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

That's your default route....it's telling you that you can't do what
you're trying to do.

-----Original Message-----
From: gr00vy [mailto:groovy2600@yahoo.com.ar]
Sent: Saturday, September 13, 2003 12:00 AM
To: pentest
Subject: ICMP TYPE 3

While I was doing some researching work I ping a broadcast ip address
and for my surprise i recieve an extrange response:

FIRST RESPONSE:

Internet Protocol, Src Addr: 200-70-xxx-164.rse.com.ar (200.70.xxx.164),
Dst Addr: 200-70-xxx-121.rse.com.ar (200.70.xxx.121) Internet Control
Message Protocol
    Type: 0 (Echo (ping) reply)
    Code: 0

SECOND RESPONSE:

Internet Protocol, Src Addr: 172.xxx.230.242 (172.xxx.230.242), Dst
Addr: 200-70-xxx-121.rse.com.ar (200.70.xxx.121)
Internet Control Message Protocol
    Type: 3 (Destination unreachable)
    Code: 13 (Communication administratively filtered) <<< Weird!

The OS's seems to be (xprobe):

First ROUTER
[+] Host 200.70.xxx.164 Running OS: "HP JetDirect ROM G.07.02 EEPROM
G.07.20" (Guess probability: 87%)

Second ROUTER
[+] Host 172.xxx.230.242 Running OS: "Cisco IOS 12.2" (Guess
probability: 71%)

My question is, what is it? an ACL? why do i get a response of a machine
i did not ping??? maybe it is a extrange behavior from Cisco ios. This
might help to fingerprint Os's who knows ????

Bye

-- 
gr00vy <groovy2600@yahoo.com.ar>
Linux User -- ZenCracking.com.ar
------------------------------------------------------------------------
---
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL 
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment 
technology powered by the award-winning FoundScan engine. Try it free
for  21 days at:
http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL 
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment 
technology powered by the award-winning FoundScan engine. Try it free for  21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------

• Next message: Pera Mis: "Inquiry: packet crafting tools for encapsulated protocols?"
• Previous message: Steve Goldsby (ICS): "RE: Cracking a Netscreen password"
• Maybe in reply to: gr00vy: "ICMP TYPE 3"
• Next in thread: R. DuFresne: "RE: ICMP TYPE 3"
• Reply: R. DuFresne: "RE: ICMP TYPE 3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT