Hi Mark,
Slap a sniffer on the wire and see if it's ICMP Type 9 Code 0.
This is described in RFC-1256 as the ICMP Router Discovery Message.
If so, then you have a router out there sending IRDP advertisements.
It was intended to provide hosts with the IP addresses of their
neighboring routers. This is a good idea for dropping a host into
a network and getting it to work right away.
This is a bad idea for a firewall - which is why yours is ignoring it.
Hope this helps,
Chris Lonvick
Cisco Systems
Consulting Engineering
Houston, TX, USA
+1-713-778-5663
At 07:31 PM 1/31/97 -0700, Mark Thompson wrote:
>We're getting some logging that we can't explain in our FW-1 2.1 (solaris)
>logs which I was hoping somebody out there might be able to help us
>with:
>
>ICMP class 9 rejected;
>ICMP code 0 rejected
>
>Does anybody have any idea what these classes and codes mean. Are
>these FW-1'isms, or are they actually part of the ICMP spec? We had an
>idea that they might be related to RIP traffic, but have (as of yet) been
>unable to find proof.
>
>Thanks much,
>
>Mark.
>
>Mark Thompson
>Manager of Network Services
>The University of Lethbridge
>Lethbridge, AB Canada
>
>thommd @
cetus .
mngt .
uleth .
ca
>(403) 329-2689
>
>
|
|
