| Code | 描述 |
|---|---|
| 0 | Time to live (TTL) equals 0 during transit. |
| 1 | Fragment reassembly timeout.封包重組逾時 |
Code 0 說明
If the gateway processing a datagram finds the time to live field is zero it must discard the datagram. The gateway may also notify the source host via the time exceeded message.
Code 0 may be received from a gateway
在防火牆Log上常看到來自外部來的ICMP type 1 code 0的訊息,根據上述的說明,路由器在傳遞封包時,當TTL值為0時,路由器會丟棄封包,並回應來原主機ICMP type 1 code 0的訊息。
這個狀況會發生在DNS主機上,攻擊者倭造來源IP,對DNS主機發送查詢,DNS會將查詢的結果回應至來源IP,因為來源IP不存在,故封包經過路由器傳遞到TTL 為0時,變丟棄封包,並告知來原主機 ICMP type 11 code 0 ,表示該封包無法傳遞並告知來源IP。
ICMP type 3 Destination Unreachable
Code 0 may be received from a gateway
在防火牆Log上常看到來自外部來的ICMP type 1 code 0的訊息,根據上述的說明,路由器在傳遞封包時,當TTL值為0時,路由器會丟棄封包,並回應來原主機ICMP type 1 code 0的訊息。
這個狀況會發生在DNS主機上,攻擊者倭造來源IP,對DNS主機發送查詢,DNS會將查詢的結果回應至來源IP,因為來源IP不存在,故封包經過路由器傳遞到TTL 為0時,變丟棄封包,並告知來原主機 ICMP type 11 code 0 ,表示該封包無法傳遞並告知來源IP。
ICMP type 3 Destination Unreachable
|
Code
|
Description
|
|
0
|
Network unreachable error.
路由器無法將封包傳遞至目標位址,通常是路由器無法將封包根據路由表傳遞至下一個路徑,故路由器會送出網路無法到達訊息。
|
|
1
|
Host unreachable error.
由路由器或Gateway送出,通常是無法存取該網段的某個主機。
|
|
2
|
Protocol unreachable
error. 通訊協定錯誤,無法傳達。
Sent when the designated transport protocol is not supported. |
|
3
|
Port unreachable error. 無法存取Port
Sent when the designated transport protocol is unable to demultiplex the datagram but has no protocol mechanism to inform the sender. |
|
4
|
The datagram is too big.
Packet fragmentation is required but the DF bit in the IP header is set. |
|
5
|
Source route failed error.
|
|
6
|
Destination network
unknown error.
|
|
7
|
Destination host unknown
error.
|
|
8
|
Source host isolated
error.
Obsolete. |
|
9
|
The destination network is
administratively prohibited.
|
|
10
|
The destination host is
administratively prohibited.
|
|
11
|
The network is unreachable
for Type Of Service.
|
|
12
|
The host is unreachable
for Type Of Service.
|
|
13
|
Communication
Administratively Prohibited.
This is generated if a router cannot forward a packet due to administrative filtering. |
|
14
|
Host precedence violation.
Sent by the first hop router to a host to indicate that a requested precedence is not permitted for the particular combination of source/destination host or network, upper layer protocol, and source/destination port. |
|
15
|
Precedence cutoff in
effect.
The network operators have imposed a minimum level of precedence required for operation, the datagram was sent with a precedence below this level. |
|
16
- 255 |
|
沒有留言:
張貼留言