Solved

ICMP flood

Posted on 2010-08-21
5
1,324 Views
Last Modified: 2013-11-29
Serveral computers on my network did send this:

10.0.10.x > 94.245.121.253: ICMP time exceeded in-transit, length 36

When this happens my network crashes (too many packets for my router)

It seems to be randomly 2-3 times a week and last for abpout 5 to 10 minuts.
 Any ide of what I am dealing with ?
0
Comment
Question by:soffcec
  • 2
  • 2
5 Comments
 
LVL 1

Accepted Solution

by:
Bondy74 earned 167 total points
ID: 33491428
You may want to run Malwarebytes on one of the affected pc's to make sure there is nothing there that could be trying to attempt a denial of service attack. The IP you have mentioned is apparently in a range supplied to Microsoft. If it finds anything then i would install on all pc's and remove.

If this doesn't work can you have a look at the Sys log and App logs and see if you can provide more information for troubleshooting?


0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 333 total points
ID: 33491770
"10.0.10.x > 94.245.121.253: ICMP time exceeded in-transit, length 36"
This message indicates that an ICMP Time Exceeded packet was observed on the network. This is commonly a sign of a user or program running a traceroute request. It can also be caused by network problems such as routing loops, router failure, and incorrectly configured hosts.

How do you know that the router is crashing specifically to these requests?
What kind of router do you have?
You could be running into a software bug on the router.
You could always block those ICMP messages (Time-exceeded) messages into your network, as it appears that one of your hosts is generating the message back to the source (94.245.121.253).

Billy
0
 

Author Comment

by:soffcec
ID: 33491826
It's not router it is ADSL-DSLAM bridge. (Corecess)  The ethernet port on the dslam drops packets when this flood occurs. It comes from several ip addresses and they are the addresse of the ADSL routers.
0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 333 total points
ID: 33491880
>It's not router it is ADSL-DSLAM bridge. (Corecess)  The ethernet port on the dslam drops packets when >this flood occurs. It comes from several ip addresses and they are the addresse of the ADSL routers.

Oh, but you said it was a router " (too many packets for my router)"
Well, at any rate, it sounds like the software on the Coreaccess bridge has a bug, or in fact the amount of traffic coming in is causing the bridge to fail based on unavailable resources.

Your Ethernet port should not be dropping any packets; however if the packets were destined to the coreaccess IP layer, then like most hardware that was processing ICMP traffic would more than likely be processed by software rather than in hardware.

I have never touched an Coreaccess bridge before any any DSLAM equipment for that matter. Just honestly sounds like you have a bug or in fact out of resources during the flood of traffic.

I can tell you that the intermediary devices in a provider network should never drop any ICMP traffic or any traffic for that matter, it should be left of the the edge devices of a customer/end-point device to filter that traffic. You as a provider should should switch/bridge/forward the packets untouched without any modification unless if the packets were destined for any devices in your network.

Billy
0
 

Author Closing Comment

by:soffcec
ID: 33743006
xx
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now