Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5286
Views
0
Helpful
10
Replies

Non-Zero Padding Bytes Observed in ICMP Protocol Unreachable Packets

whiteford
Level 1
Level 1

‎06-14-2007 03:59 AM - edited ‎03-03-2019 05:26 PM

I scanned our router and got this error back, how do I fix this:

When a host receives an IP packet with a protocol called a "Probe" that it does not support, the host normally responds with an ICMP Protocol Unreachable (ICMP type of 3 and ICMP code of 2) packet. This ICMP packet consists of an IP header, an ICMP header, and some ICMP payload. The ICMP payload normally contains the IP header of the Probe and all or part of the IP payload. In some TCP/IP implementations, the ICMP payload has a fixed size or a minimum size. When this fixed or minimum size exceeds the size of the Probe, zero padding bytes should be used to pad up the ICMP packet to its fixed or minimum size. However, it was observed that non-zero padding bytes were used by the host. These non-zero padding bytes are likely to be part of the kernel memory.

Labels:
0 Helpful
10 Replies 10

paolo bevilacqua
Hall of Fame
Hall of Fame

‎06-14-2007 04:28 AM

What problems the non-zero padding bytes are causing you?

Being these generated by the host, you should work on the host to change the behavior, if possible.

0 Helpful

whiteford
Level 1
Level 1
In response to paolo bevilacqua

‎06-14-2007 05:02 AM

I have no idea, we have the ADSL router for our guest network and we just did a vulnerability scan against it's external facing IP and this is the single vulnerability we got back. I have no idea what it means or weather it's anything to worry about.....

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to whiteford

‎06-14-2007 05:05 AM

Andy

I would not think that this was anything to worry about.

I am curious which scan reported this. Can you tell us?

HTH

Rick

HTH

Rick
0 Helpful

whiteford
Level 1
Level 1
In response to Richard Burts

‎06-14-2007 05:24 AM

Qualys

I've used many, nessus was also one of my favs, but Qualys rules.

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame
In response to whiteford

‎06-14-2007 05:25 AM

Is this a Cisco router that you are talking about? If it is, you can block sending of ICMP replies altogether and this is usually the best behavior for security concerned sites.

0 Helpful

whiteford
Level 1
Level 1
In response to paolo bevilacqua

‎06-14-2007 05:31 AM

It is a router, can I have an example on how to block this please?

Thanks

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to whiteford

‎06-14-2007 05:39 AM

Andy

interface fastethernet0/0

no ip unreachables

this will block sending of any ICMP unreachable message.

HTH

Rick

HTH

Rick
0 Helpful

whiteford
Level 1
Level 1
In response to Richard Burts

‎06-14-2007 05:52 AM

Thanks, Andy, this is an 837 ADSL router, would I just apply it onto the ATM?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to whiteford

‎06-14-2007 06:09 AM

Andy

Does the config have a dialer interface to work with the ATM? If so I would put it on the dialer interface. Actually I would probably put it on all the interfaces.

HTH

Rick

HTH

Rick
0 Helpful

whiteford
Level 1
Level 1
In response to Richard Burts

‎06-14-2007 06:27 AM

It does Andy, I'll try and do this and let you know how it goes.

I appreciate your help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card