ICMP flood

Several computers on my network sent this:

10.0.10.x > 94.245.121.253: ICMP time exceeded in-transit, length 36

When this happens my network crashes (too many packets for my router).

It seems to happen randomly 2-3 times a week and lasts for about 5 to 10 minutes.
Any idea of what I am dealing with?
soffcecManager Asked:
 
Bondy74 Commented:
You may want to run Malwarebytes on one of the affected PCs to make sure there is nothing there that could be trying to attempt a denial of service attack. The IP you have mentioned is apparently in a range supplied to Microsoft. If it finds anything then I would install it on all PCs and remove.

If this doesn't work can you have a look at the Sys log and App logs and see if you can provide more information for troubleshooting?


0
 
rfc1180 Commented:
"10.0.10.x > 94.245.121.253: ICMP time exceeded in-transit, length 36"
This message indicates that an ICMP Time Exceeded packet was observed on the network. This is commonly a sign of a user or program running a traceroute request. It can also be caused by network problems such as routing loops, router failure, and incorrectly configured hosts.

How do you know that the router is crashing specifically to these requests?
What kind of router do you have?
You could be running into a software bug on the router.
You could always block those ICMP (Time-exceeded) messages into your network, as it appears that one of your hosts is generating the message back to the source (94.245.121.253).

Billy
0
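
To confirm what the capture is showing before filtering anything, the burst can be measured from the tcpdump text itself. This is an added example, not part of the original thread: it assumes tcpdump's default timestamped text output, and the addresses, timestamps, window and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed input: tcpdump default text output, one packet per line.
# Timestamps are HH:MM:SS.ffffff and the capture is assumed not to cross midnight.
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}\.\d+) IP (\S+) > (\S+): ICMP time exceeded in-transit"
)

def parse(line):
    """Return (seconds_since_midnight, src, dst), or None if not a time-exceeded line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    h, mi, s, src, dst = m.groups()
    return int(h) * 3600 + int(mi) * 60 + float(s), src, dst

def find_bursts(lines, window=1.0, threshold=5):
    """Map each destination that received >= threshold time-exceeded messages
    within `window` seconds to (peak count, sorted list of senders in that peak)."""
    by_dst = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            by_dst[rec[2]].append((rec[0], rec[1]))
    bursts = {}
    for dst, events in by_dst.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > bursts.get(dst, (0, None))[0]:
                senders = sorted({src for _, src in events[start:end + 1]})
                bursts[dst] = (count, senders)
    return bursts

# Constructed sample capture (not real traffic): three local senders, one target.
SAMPLE = [
    "14:02:11.100000 IP 10.0.10.21 > 94.245.121.253: ICMP time exceeded in-transit, length 36",
    "14:02:11.150000 IP 10.0.10.22 > 94.245.121.253: ICMP time exceeded in-transit, length 36",
    "14:02:11.200000 IP 10.0.10.23 > 94.245.121.253: ICMP time exceeded in-transit, length 36",
    "14:02:11.300000 IP 10.0.10.21 > 94.245.121.253: ICMP time exceeded in-transit, length 36",
    "14:02:11.400000 IP 10.0.10.22 > 94.245.121.253: ICMP time exceeded in-transit, length 36",
    "14:02:12.000000 IP 10.0.10.21 > 192.0.2.10: ICMP time exceeded in-transit, length 36",
    "14:02:12.100000 IP 10.0.10.21 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64",
]
```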
 
soffcecManager (Author) Commented:
It's not a router, it is an ADSL-DSLAM bridge (Corecess). The Ethernet port on the DSLAM drops packets when this flood occurs. It comes from several IP addresses and they are the addresses of the ADSL routers.
0
 
rfc1180 Commented:
> It's not a router, it is an ADSL-DSLAM bridge (Corecess). The Ethernet port on the DSLAM drops packets when this flood occurs. It comes from several IP addresses and they are the addresses of the ADSL routers.

Oh, but you said it was a router: "(too many packets for my router)".
Well, at any rate, it sounds like the software on the Corecess bridge has a bug, or in fact the amount of traffic coming in is causing the bridge to fail based on unavailable resources.

Your Ethernet port should not be dropping any packets; however, if the packets were destined to the Corecess IP layer, then, as with most hardware, the ICMP traffic would more than likely be processed by software rather than in hardware.

I have never touched a Corecess bridge before, or any DSLAM equipment for that matter. It just honestly sounds like you have a bug or are in fact out of resources during the flood of traffic.

I can tell you that the intermediary devices in a provider network should never drop any ICMP traffic or any traffic for that matter; it should be left to the edge devices of a customer/end-point device to filter that traffic. You as a provider should switch/bridge/forward the packets untouched without any modification unless the packets were destined for any devices in your network.

Billy
0
 
soffcecManager (Author) Commented:
xx
0
Question has a verified solution.