06-14-2007 03:59 AM - edited 03-03-2019 05:26 PM
I scanned our router and got this error back, how do I fix this:
When a host receives an IP packet with a protocol called a "Probe" that it does not support, the host normally responds with an ICMP Protocol Unreachable (ICMP type of 3 and ICMP code of 2) packet. This ICMP packet consists of an IP header, an ICMP header, and some ICMP payload. The ICMP payload normally contains the IP header of the Probe and all or part of the IP payload. In some TCP/IP implementations, the ICMP payload has a fixed size or a minimum size. When this fixed or minimum size exceeds the size of the Probe, zero padding bytes should be used to pad up the ICMP packet to its fixed or minimum size. However, it was observed that non-zero padding bytes were used by the host. These non-zero padding bytes are likely to be part of the kernel memory.
06-14-2007 04:28 AM
What problems are the non-zero padding bytes causing you?
Since these are generated by the host, you should work on the host to change the behavior, if possible.
06-14-2007 05:02 AM
I have no idea, we have the ADSL router for our guest network and we just did a vulnerability scan against its external-facing IP and this is the single vulnerability we got back. I have no idea what it means or whether it's anything to worry about...
06-14-2007 05:05 AM
Andy
I would not think that this was anything to worry about.
I am curious which scan reported this. Can you tell us?
HTH
Rick
06-14-2007 05:24 AM
Qualys
I've used many, Nessus was also one of my favs, but Qualys rules.
06-14-2007 05:25 AM
Is this a Cisco router that you are talking about? If it is, you can block sending of ICMP replies altogether and this is usually the best behavior for security-concerned sites.
06-14-2007 05:31 AM
It is a router, can I have an example on how to block this please?
Thanks
06-14-2007 05:39 AM
Andy
interface fastethernet0/0
no ip unreachables
This will block sending of any ICMP unreachable message.
HTH
Rick
06-14-2007 05:52 AM
Thanks, Andy, this is an 837 ADSL router, would I just apply it onto the ATM?
06-14-2007 06:09 AM
Andy
Does the config have a dialer interface to work with the ATM? If so I would put it on the dialer interface. Actually I would probably put it on all the interfaces.
HTH
Rick
06-14-2007 06:27 AM
It does Andy, I'll try and do this and let you know how it goes.
I appreciate your help.
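The check described in the scan finding quoted at the top of the thread, as an added example (not part of any post and not the scanner's own code): it takes a captured ICMP Protocol Unreachable message and the probe that triggered it, and reports whether the bytes padded on after the quoted probe are non-zero. The function names, addresses and packet bytes are constructed for illustration, and checksums are left at zero because the check does not use them.

```python
import struct

def ip_packet(ident, proto, src, dst, payload=b""):
    """Build a minimal IPv4 packet (constructed sample, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       ident, 0, 64, proto, 0, src, dst) + payload

def icmp_unreachable(quoted, icmp_type=3, icmp_code=2):
    """Wrap `quoted` in an ICMP header: type, code, checksum, 4 unused bytes."""
    return bytes([icmp_type, icmp_code, 0, 0, 0, 0, 0, 0]) + quoted

def icmp_padding_leak(icmp, probe):
    """Return the padding after the quoted probe if any byte is non-zero,
    b"" if the padding is clean (or absent), and None if `icmp` is not a
    Protocol Unreachable (type 3, code 2) reply quoting `probe`."""
    if len(icmp) < 8 + 20 or len(probe) < 20:
        return None
    if (icmp[0], icmp[1]) != (3, 2):
        return None
    quoted = icmp[8:]
    # Match on IP ID and protocol only: TTL and checksum change in transit.
    if quoted[4:6] != probe[4:6] or quoted[9] != probe[9]:
        return None
    padding = quoted[len(probe):]
    return padding if any(padding) else b""

# Constructed sample data: a 20-byte probe using an unassigned protocol
# number (253), and two replies that pad the quote out to 28 bytes.
SRC, DST = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])
PROBE = ip_packet(0x1234, 253, SRC, DST)
CLEAN_REPLY = icmp_unreachable(PROBE + bytes(8))
LEAKY_REPLY = icmp_unreachable(PROBE + b"\x00\x00root\x00\x00")
OTHER_REPLY = icmp_unreachable(PROBE + bytes(8), icmp_type=3, icmp_code=3)

if __name__ == "__main__":
    for name, reply in [("clean", CLEAN_REPLY), ("leaky", LEAKY_REPLY),
                        ("other", OTHER_REPLY)]:
        print(name, icmp_padding_leak(reply, PROBE))
```

Once `no ip unreachables` is applied on the interface, the router should send no type 3 reply at all, so a rescan has nothing to feed this check.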