Non-Zero Padding Bytes Observed in ICMP Protocol Unreachable Packets

Unanswered Question
Jun 14th, 2007

I scanned our router and got this error back, how do I fix this:

When a host receives an IP packet with a protocol called a "Probe" that it does not support, the host normally responds with an ICMP Protocol Unreachable (ICMP type of 3 and ICMP code of 2) packet. This ICMP packet consists of an IP header, an ICMP header, and some ICMP payload. The ICMP payload normally contains the IP header of the Probe and all or part of the IP payload. In some TCP/IP implementations, the ICMP payload has a fixed size or a minimum size. When this fixed or minimum size exceeds the size of the Probe, zero padding bytes should be used to pad up the ICMP packet to its fixed or minimum size. However, it was observed that non-zero padding bytes were used by the host. These non-zero padding bytes are likely to be part of the kernel memory.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Paolo Bevilacqua Thu, 06/14/2007 - 04:28

What problems the non-zero padding bytes are causing you?

Being these generated by the host, you should work on the host to change the behavior, if possible.

whiteford Thu, 06/14/2007 - 05:02

I have no idea, we have the ADSL router for our guest network and we just did a vulnerability scan against it's external facing IP and this is the single vulnerability we got back. I have no idea what it means or weather it's anything to worry about.....

Richard Burts Thu, 06/14/2007 - 05:05

Andy

I would not think that this was anything to worry about.

I am curious which scan reported this. Can you tell us?

HTH

Rick

whiteford Thu, 06/14/2007 - 05:24

Qualys

I've used many, nessus was also one of my favs, but Qualys rules.

Paolo Bevilacqua Thu, 06/14/2007 - 05:25

Is this a Cisco router that you are talking about? If it is, you can block sending of ICMP replies altogether and this is usually the best behavior for security concerned sites.

whiteford Thu, 06/14/2007 - 05:31

It is a router, can I have an example on how to block this please?

Thanks

Richard Burts Thu, 06/14/2007 - 05:39

Andy

interface fastethernet0/0

no ip unreachables

this will block sending of any ICMP unreachable message.

HTH

Rick

whiteford Thu, 06/14/2007 - 05:52

Thanks, Andy, this is an 837 ADSL router, would I just apply it onto the ATM?

Richard Burts Thu, 06/14/2007 - 06:09

Andy

Does the config have a dialer interface to work with the ATM? If so I would put it on the dialer interface. Actually I would probably put it on all the interfaces.

HTH

Rick

whiteford Thu, 06/14/2007 - 06:27

It does Andy, I'll try and do this and let you know how it goes.

I appreciate your help.

Actions

This Discussion