cancel
Showing results for 
Search instead for 
Did you mean: 

TG528n router firewall message

Superuser
Superuser
Posts: 11,060
Thanks: 2,411
Fixes: 21
Registered: 22-08-2007

TG528n router firewall message

Found this in the logs this morning...
Quote
Feb 10 05:09:56 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 198.27.85.44 Dst ip: 80.229.my.ip Type: Destination Unreachable Code: Communication with Destination Host is Administratively Prohibited

Can anyone tell me what this means please?
Clearly this message has reached its destination (my IP address), so the destination has been reached, but what administrative configuration is blocking the connection?
Not worried, just want to understand the messages!
2 REPLIES
Community Veteran
Posts: 5,057
Thanks: 426
Fixes: 16
Registered: 10-06-2010

Re: TG528n router firewall message

The log message just lists some of the details contained in the ICMP packet. It was an ICMP packet of type "Destination Unreachable" and contained the reason code number for "Communication with Destination Host is Administratively Prohibited" See http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Destination_unreachable
The ICMP packet probably contained further details, which are not given in the log messages (details which are essential to match the packet to an outgoing connection). The router would be expecting to receive an ICMP destination unreachable packet that corresponds to an outgoing packet. But anyone could create and send an ICMP destination unreachable packet, which the router will ignore or write an unhelpful log message about, if there was no outgoing packet that could have resulted in that ICMP destination unreachable packet being received.
Superuser
Superuser
Posts: 11,060
Thanks: 2,411
Fixes: 21
Registered: 22-08-2007

Re: TG528n router firewall message

Ejs,
Thank you for the information.  So in short, someone s spoofing replies to messages which were never set.
Cheers,
Kevin