cancel
Showing results for 
Search instead for 
Did you mean: 

Firewall icmp check

sparkalfa
Grafter
Posts: 35
Registered: ‎30-01-2008

Firewall icmp check

Looking at my event logs recently and saw this 1
Redirect code: redirect data gram for the host
The source ip is from Korea and gas no host name associated with it
Should I be worried about this?
Thanks
Mark
7 REPLIES 7
sparkalfa
Grafter
Posts: 35
Registered: ‎30-01-2008

Re: Firewall icmp check

Is the above problem anything to do with this?
http://www.bbc.co.uk/news/technology-26417441
sparkalfa
Grafter
Posts: 35
Registered: ‎30-01-2008

Re: Firewall icmp check

I have investigated this a bit but not quite sure if it's malicious or not is there any way to check to see if it has changed the routing in my router
Thanks
Mark
TORPC
Grafter
Posts: 5,163
Registered: ‎08-12-2013

Re: Firewall icmp check

Are you able to telnet into the router
If so can you post the results

[code=Telnet File=Get router Stats]
Command Comments
xdsl info expand=enabled See Telnet Scripting for a method to get these stats quick.[/code]
You can also find more commands here
http://npr.me.uk/telnet.html
I also mentioned about a recent trend from Korea & other countries, that I have seen
Quote
Error    Feb 19 14:23:03   FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 175.215.16.88 [Korea Telecom] Dst ip: [IP Address Removed] Type: Destination Unreachable Code: Port Unreacheable

First mentioned here http://community.plus.net/forum/index.php/topic,122856.msg1076068.html#msg1076068
Will see if I can find the other thread for reference


Edit:
Here it is even though Plusnet have not addressed it as yet
Firewall attacks from Telecoms Worldwide (anyone else seeing this trend) ?Huh
npr
Pro
Posts: 1,898
Thanks: 119
Fixes: 9
Registered: ‎21-01-2013

Re: Firewall icmp check

That command is to display the Technicolor routers ADSL connection stats.
It's nothing to do with URL redirection.
If the OP is using a technicolor router:
1) AFAIK these routers are not affected by the Hack reported in the BBC link.
2) IF the log report was from the firewall (which they often are), it just shows the firewall is doing it's job.
Nothing to worry about IMO.
sparkalfa
Grafter
Posts: 35
Registered: ‎30-01-2008

Re: Firewall icmp check

Thanks for the replies for information it is the plusnet supplied technicolor router I don't know if it came from the Firewall it was just a 1 off in amongst the usual port unreachable and destination unreachable messages and port scans
I have been seeing a few time to live exceeded messages recently.
I will try to telnet in later to get he stats
Why would somebody send  a request  to get the adsl connection stats?
Thanks
Mark
TORPC
Grafter
Posts: 5,163
Registered: ‎08-12-2013

Re: Firewall icmp check

As npr said the router firewall looks like it is doing its job & preventing the Koreans access
gofaster
Rising Star
Posts: 369
Thanks: 16
Registered: ‎01-08-2007

Re: Firewall icmp check

It's when the router stops reporting issues that you need to worry  Wink