Solved

ICMP flood

Posted on 2010-08-21
5
1,331 Views
Last Modified: 2013-11-29
Serveral computers on my network did send this:

10.0.10.x > 94.245.121.253: ICMP time exceeded in-transit, length 36

When this happens my network crashes (too many packets for my router)

It seems to be randomly 2-3 times a week and last for abpout 5 to 10 minuts.
 Any ide of what I am dealing with ?
0
Comment
Question by:soffcec
  • 2
  • 2
5 Comments
 
LVL 1

Accepted Solution

by:
Bondy74 earned 167 total points
ID: 33491428
You may want to run Malwarebytes on one of the affected pc's to make sure there is nothing there that could be trying to attempt a denial of service attack. The IP you have mentioned is apparently in a range supplied to Microsoft. If it finds anything then i would install on all pc's and remove.

If this doesn't work can you have a look at the Sys log and App logs and see if you can provide more information for troubleshooting?


0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 333 total points
ID: 33491770
"10.0.10.x > 94.245.121.253: ICMP time exceeded in-transit, length 36"
This message indicates that an ICMP Time Exceeded packet was observed on the network. This is commonly a sign of a user or program running a traceroute request. It can also be caused by network problems such as routing loops, router failure, and incorrectly configured hosts.

How do you know that the router is crashing specifically to these requests?
What kind of router do you have?
You could be running into a software bug on the router.
You could always block those ICMP messages (Time-exceeded) messages into your network, as it appears that one of your hosts is generating the message back to the source (94.245.121.253).

Billy
0
 

Author Comment

by:soffcec
ID: 33491826
It's not router it is ADSL-DSLAM bridge. (Corecess)  The ethernet port on the dslam drops packets when this flood occurs. It comes from several ip addresses and they are the addresse of the ADSL routers.
0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 333 total points
ID: 33491880
>It's not router it is ADSL-DSLAM bridge. (Corecess)  The ethernet port on the dslam drops packets when >this flood occurs. It comes from several ip addresses and they are the addresse of the ADSL routers.

Oh, but you said it was a router " (too many packets for my router)"
Well, at any rate, it sounds like the software on the Coreaccess bridge has a bug, or in fact the amount of traffic coming in is causing the bridge to fail based on unavailable resources.

Your Ethernet port should not be dropping any packets; however if the packets were destined to the coreaccess IP layer, then like most hardware that was processing ICMP traffic would more than likely be processed by software rather than in hardware.

I have never touched an Coreaccess bridge before any any DSLAM equipment for that matter. Just honestly sounds like you have a bug or in fact out of resources during the flood of traffic.

I can tell you that the intermediary devices in a provider network should never drop any ICMP traffic or any traffic for that matter, it should be left of the the edge devices of a customer/end-point device to filter that traffic. You as a provider should should switch/bridge/forward the packets untouched without any modification unless if the packets were destined for any devices in your network.

Billy
0
 

Author Closing Comment

by:soffcec
ID: 33743006
xx
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco IOS from ipbase to ipservices 10 78
IP Calculator 10 56
NAS with google authentication 6 62
What To Do With Surplus Rack Server, Controller and Switches? 13 25
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now