02-22-2005 11:37 AM - edited 03-09-2019 10:25 AM
My Internet connection went down yesterday.
On my pix log, I notice I have a lot of ping from my ISP's router:
%PIX-4-106023: Deny icmp src outside:123.456.789.1 dst inside:192.168.1.1 (type 3, code 1) by access-group "outside_access_in"
Typically if a ping did not get through it will be a type 8 code 0. What would generate a type 3 code 1 error?
Thank you.
Eppie
02-22-2005 01:03 PM
I am sure you already looked this up but I will also post the information in case anyone else is interested - http://www.iana.org/assignments/icmp-parameters
My first guess would be that 192.168.1.1 (in your example above) is infected with some sort of virus that is causing this host to spit out random ICMP packets. You would get the Type 3 code 1 ICMP messages back from your upstream router if he didn't have a destination route for that host.
This could also be a sign of someone playing with a smurf attack.
Difficult to say for sure though.
Scott
02-23-2005 07:01 AM
I had more information from my ISP. He said that my local loop was down. In this case, the icmp (type 3 code 1) packets be returns to my internal systems from the router when my systems tried to connect to somewhere.
I thought that icmp replies only as aresult of icmp requests. If my system tried to connect to somewhere, would it generate an icmp request?
Eppie
02-23-2005 08:26 AM
Yep, that sounds like a logical answer as well. Sorry I didn't think of that option initally.
ICMP packets are used for many other purposes other than ICMP requests. For instance, fragmentation/MTU messages are often ICMP packets.
Scott
02-23-2005 11:05 AM
Where can I find more information on purposes of icmp packets? It will definitely help to do troubleshooting.
Thank you.
Eppie
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide