ICMP flood

Posted on 2010-08-21
Last Modified: 2013-11-29
Several computers on my network did send this:

10.0.10.x > 94.245.121.253: ICMP time exceeded in-transit, length 36

When this happens my network crashes (too many packets for my router)

It seems to be randomly 2-3 times a week and lasts for about 5 to 10 minutes.
Any idea of what I am dealing with?
Question by:soffcec
LVL 1

Accepted Solution

by:
Bondy74 earned 668 total points
ID: 33491428
You may want to run Malwarebytes on one of the affected PCs to make sure there is nothing there that could be trying to attempt a denial of service attack. The IP you have mentioned is apparently in a range supplied to Microsoft. If it finds anything then I would install on all PCs and remove.

If this doesn't work can you have a look at the Sys log and App logs and see if you can provide more information for troubleshooting?


 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 1332 total points
ID: 33491770
"10.0.10.x > 94.245.121.253: ICMP time exceeded in-transit, length 36"
This message indicates that an ICMP Time Exceeded packet was observed on the network. This is commonly a sign of a user or program running a traceroute request. It can also be caused by network problems such as routing loops, router failure, and incorrectly configured hosts.

How do you know that the router is crashing specifically to these requests?
What kind of router do you have?
You could be running into a software bug on the router.
You could always block those ICMP (Time-exceeded) messages into your network, as it appears that one of your hosts is generating the message back to the source (94.245.121.253).

Billy
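
To see which hosts emit the Time Exceeded bursts in a saved capture, here is an added example that is not part of the original thread. It assumes `tcpdump -n` text output with default timestamps; the concrete 10.0.10.x addresses, the sample lines, the one-second window and the threshold of five are constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed input: tcpdump -n text lines, e.g.
# "HH:MM:SS.ffffff IP src > dst: ICMP time exceeded in-transit, length 36"
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.(\d+) IP (\S+) > (\S+): "
    r"ICMP time exceeded in-transit, length \d+"
)

def parse(line):
    """Return (seconds_since_midnight, src, dst), or None for unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    h, mi, s, frac, src, dst = m.groups()
    ts = int(h) * 3600 + int(mi) * 60 + int(s) + float("0." + frac)
    return ts, src, dst

def find_bursts(lines, window=1.0, threshold=5):
    """Map (src, dst) -> peak message count seen inside any `window` seconds,
    for pairs that reached `threshold`. Lines must be in capture order."""
    recent = defaultdict(deque)   # sliding window of timestamps per pair
    peak = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, src, dst = rec
        q = recent[(src, dst)]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            peak[(src, dst)] = max(peak.get((src, dst), 0), len(q))
    return peak

# Constructed sample: one host bursting, one host sending occasional
# messages (traceroute-like), and one unrelated ICMP line.
SAMPLE = [
    f"14:02:07.{i * 100000:06d} IP 10.0.10.21 > 94.245.121.253: "
    "ICMP time exceeded in-transit, length 36" for i in range(8)
] + [
    "14:02:07.500000 IP 10.0.10.34 > 94.245.121.253: ICMP time exceeded in-transit, length 36",
    "14:02:12.500000 IP 10.0.10.34 > 94.245.121.253: ICMP time exceeded in-transit, length 36",
    "14:02:13.000000 IP 10.0.10.34 > 10.0.10.1: ICMP echo request, id 1, seq 1, length 64",
]

if __name__ == "__main__":
    for (src, dst), n in find_bursts(SAMPLE).items():
        print(f"{src} -> {dst}: {n} time-exceeded messages within 1s")
```

Hosts that only appear with a handful of messages spread over seconds are consistent with traceroute activity; hosts that cross the threshold are the ones to inspect first.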
 

Author Comment

by:soffcec
ID: 33491826
It's not a router, it is an ADSL-DSLAM bridge (Corecess). The Ethernet port on the DSLAM drops packets when this flood occurs. It comes from several IP addresses and they are the addresses of the ADSL routers.
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 1332 total points
ID: 33491880
> It's not a router, it is an ADSL-DSLAM bridge (Corecess). The Ethernet port on the DSLAM drops packets when this flood occurs. It comes from several IP addresses and they are the addresses of the ADSL routers.

Oh, but you said it was a router "(too many packets for my router)".
Well, at any rate, it sounds like the software on the Corecess bridge has a bug, or in fact the amount of traffic coming in is causing the bridge to fail based on unavailable resources.

Your Ethernet port should not be dropping any packets; however, if the packets were destined to the Corecess IP layer, then, as on most hardware, the ICMP traffic would more than likely be processed by software rather than in hardware.

I have never touched a Corecess bridge before, or any DSLAM equipment for that matter. It just honestly sounds like you have a bug or are in fact out of resources during the flood of traffic.

I can tell you that the intermediary devices in a provider network should never drop any ICMP traffic or any traffic for that matter; it should be left to the edge devices of a customer/end-point device to filter that traffic. You as a provider should switch/bridge/forward the packets untouched without any modification unless the packets were destined for any devices in your network.

Billy
 

Author Closing Comment

by:soffcec
ID: 33743006
xx