Solved

ICMP flood

Posted on 2010-08-21
Last Modified: 2013-11-29
Several computers on my network did send this:

10.0.10.x > 94.245.121.253: ICMP time exceeded in-transit, length 36

When this happens my network crashes (too many packets for my router).

It seems to happen randomly 2-3 times a week and lasts for about 5 to 10 minutes.
Any idea of what I am dealing with?
Question by:soffcec
5 Comments
 
LVL 1

Accepted Solution

by:
Bondy74 earned 668 total points
ID: 33491428
You may want to run Malwarebytes on one of the affected PCs to make sure there is nothing there that could be trying to attempt a denial of service attack. The IP you have mentioned is apparently in a range supplied to Microsoft. If it finds anything then I would install on all PCs and remove.

If this doesn't work can you have a look at the Sys log and App logs and see if you can provide more information for troubleshooting?


0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 1332 total points
ID: 33491770
"10.0.10.x > 94.245.121.253: ICMP time exceeded in-transit, length 36"
This message indicates that an ICMP Time Exceeded packet was observed on the network. This is commonly a sign of a user or program running a traceroute request. It can also be caused by network problems such as routing loops, router failure, and incorrectly configured hosts.

How do you know that the router is crashing specifically to these requests?
What kind of router do you have?
You could be running into a software bug on the router.
You could always block those ICMP (Time-exceeded) messages into your network, as it appears that one of your hosts is generating the message back to the source (94.245.121.253).

Billy
0
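To tell an occasional traceroute from the bursts described in the question, the Time Exceeded messages in `tcpdump -n` text output can be counted per destination and time window, listing which hosts emitted them. This is an added example, not part of the original thread; the timestamps, full source addresses, window size and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches tcpdump -n text output for ICMP Time Exceeded (TTL expired in transit).
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.\d+ IP (\S+) > (\S+): "
    r"ICMP time exceeded in-transit, length \d+"
)

# Constructed sample capture: one stray message, one unrelated ping, one burst.
SAMPLE = """\
12:00:01.000100 IP 10.0.10.11 > 94.245.121.253: ICMP time exceeded in-transit, length 36
12:00:02.100000 IP 10.0.10.20 > 10.0.10.1: ICMP echo request, id 1, seq 1, length 64
12:05:00.000001 IP 10.0.10.11 > 94.245.121.253: ICMP time exceeded in-transit, length 36
12:05:00.200000 IP 10.0.10.12 > 94.245.121.253: ICMP time exceeded in-transit, length 36
12:05:01.000000 IP 10.0.10.13 > 94.245.121.253: ICMP time exceeded in-transit, length 36
12:05:01.500000 IP 10.0.10.11 > 94.245.121.253: ICMP time exceeded in-transit, length 36
12:05:02.000000 IP 10.0.10.12 > 94.245.121.253: ICMP time exceeded in-transit, length 36
12:05:03.000000 IP 10.0.10.13 > 94.245.121.253: ICMP time exceeded in-transit, length 36
""".splitlines()


def find_bursts(lines, window_s=10, threshold=5):
    """Return [(window_start_seconds, dst, count, sorted_sources)] for each
    window in which one destination was sent >= threshold Time Exceeded
    messages. window_s and threshold are assumed tuning values."""
    buckets = defaultdict(lambda: defaultdict(int))  # (window, dst) -> src -> n
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a Time Exceeded line (other ICMP types, TCP, ...)
        h, mi, s, src, dst = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + int(s)
        buckets[(t - t % window_s, dst)][src] += 1

    bursts = []
    for (window, dst), per_src in sorted(buckets.items()):
        total = sum(per_src.values())
        if total >= threshold:
            bursts.append((window, dst, total, sorted(per_src)))
    return bursts


if __name__ == "__main__":
    for window, dst, total, sources in find_bursts(SAMPLE):
        hhmmss = f"{window // 3600:02d}:{window % 3600 // 60:02d}:{window % 60:02d}"
        print(f"{hhmmss} {total} time-exceeded -> {dst} from {', '.join(sources)}")
```

A single message in a window is consistent with a traceroute; many sources hitting one destination in the same window points to the flood pattern from the question.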
 

Author Comment

by:soffcec
ID: 33491826
It's not a router, it is an ADSL-DSLAM bridge (Corecess). The Ethernet port on the DSLAM drops packets when this flood occurs. It comes from several IP addresses and they are the addresses of the ADSL routers.
0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 1332 total points
ID: 33491880
> It's not a router, it is an ADSL-DSLAM bridge (Corecess). The Ethernet port on the DSLAM drops packets when this flood occurs. It comes from several IP addresses and they are the addresses of the ADSL routers.

Oh, but you said it was a router " (too many packets for my router)"
Well, at any rate, it sounds like the software on the Corecess bridge has a bug, or in fact the amount of traffic coming in is causing the bridge to fail based on unavailable resources.

Your Ethernet port should not be dropping any packets; however, if the packets were destined to the Corecess IP layer, then, as on most hardware, the ICMP traffic would more than likely be processed by software rather than in hardware.

I have never touched a Corecess bridge before, or any DSLAM equipment for that matter. It just honestly sounds like you have a bug or are in fact out of resources during the flood of traffic.

I can tell you that the intermediary devices in a provider network should never drop any ICMP traffic or any traffic for that matter; it should be left to the edge devices of a customer/end-point device to filter that traffic. You as a provider should switch/bridge/forward the packets untouched without any modification unless the packets were destined for any devices in your network.

Billy
0
 

Author Closing Comment

by:soffcec
ID: 33743006
xx
0
