I have an Ubuntu server with iptables that only allows echo request and reply for ICMP and logs and drops other ICMP traffic. There is an always-on SSH connection between this server and another Ubuntu server using autossh, with a static IP address on both ends. So the traffic between these two servers is pretty much predictable. Today I saw a very strange ICMP packet:
IN=eth0 OUT= SRC=w.x.y.z DST=a.b.c.d LEN=96 TOS=0x00 PREC=0x00 TTL=250 ID=59072 PROTO=ICMP TYPE=11 CODE=0 [SRC=a.b.c.d DST=e.f.g.h LEN=360 TOS=0x08 PREC=0x20 TTL=1 ID=56477 PROTO=TCP SPT=3435 DPT=49728 WINDOW=107 RES=0x00 ACK PSH URGP=0 ]
My Server IP: a.b.c.d
Peer Server IP: e.f.g.h
Packet came from: w.x.y.z
What is this packet trying to do?
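
Added example, not part of the original post: a small Python parser for the log line above. It separates the received ICMP packet from the header that netfilter's LOG target prints in square brackets for ICMP error messages, and checks whether that quoted header matches the known server-to-peer flow. The function names and the `my_ip` and `peers` parameters are assumptions made for illustration.

```python
import re

# ICMP error types (RFC 792); netfilter LOG prints the header they quote in [ ].
ICMP_ERRORS = {3: "destination unreachable", 4: "source quench",
               5: "redirect", 11: "time exceeded", 12: "parameter problem"}
TIME_EXCEEDED_CODES = {0: "TTL exceeded in transit",
                       1: "fragment reassembly time exceeded"}

# The log line from the post, addresses redacted as in the original.
SAMPLE = ("IN=eth0 OUT= SRC=w.x.y.z DST=a.b.c.d LEN=96 TOS=0x00 PREC=0x00 "
          "TTL=250 ID=59072 PROTO=ICMP TYPE=11 CODE=0 [SRC=a.b.c.d DST=e.f.g.h "
          "LEN=360 TOS=0x08 PREC=0x20 TTL=1 ID=56477 PROTO=TCP SPT=3435 "
          "DPT=49728 WINDOW=107 RES=0x00 ACK PSH URGP=0 ]")

def _fields(text):
    """KEY=value tokens become dict entries; bare tokens (ACK, PSH) are flags."""
    out = {"FLAGS": []}
    for tok in text.split():
        key, sep, val = tok.partition("=")
        if sep:
            out[key] = val
        else:
            out["FLAGS"].append(tok)
    return out

def parse_log_line(line):
    """Return (outer, inner): the received packet and the header it quotes."""
    m = re.search(r"\[(.*)\]", line)
    if not m:
        return _fields(line), None
    return _fields(line[:m.start()]), _fields(m.group(1))

def triage(line, my_ip, peers):
    """Name the ICMP error and report whether it quotes a known flow of ours."""
    outer, inner = parse_log_line(line)
    if outer.get("PROTO") != "ICMP" or inner is None:
        return None
    icmp_type, code = int(outer["TYPE"]), int(outer["CODE"])
    meaning = ICMP_ERRORS.get(icmp_type, "unknown type")
    if icmp_type == 11:
        meaning += ": " + TIME_EXCEEDED_CODES.get(code, "unknown code")
    return {"meaning": meaning, "reporter": outer["SRC"],
            "quoted_flow": (inner["SRC"], inner.get("SPT"),
                            inner["DST"], inner.get("DPT")),
            "quoted_ttl": int(inner["TTL"]),
            "quotes_our_traffic": inner["SRC"] == my_ip and inner["DST"] in peers}

if __name__ == "__main__":
    print(triage(SAMPLE, my_ip="a.b.c.d", peers={"e.f.g.h"}))
```

The quoted header is supplied by whoever sent the ICMP message, so a match against a known flow is a triage hint rather than proof that the flow triggered it.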