Re: ICMP Unreachables

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

I went through this very issue when working on the current version nemesis. While it uses the older libnet library, you can reference my solution to the problem. (http://www.snort.org/~jeff/nemesis)

An ICMP unreachable will contain the original IP header (including options, so make sure to account for this when allocating memory and possibly adding IP options to your original IP header within the unreachable packet) and 8 bytes from the original packet's transport header.

So, the idea is that instead of thinking of an unreachable as carrying 8 random bytes of payload, think of those 8 bytes as what would have been the first 8 bytes of the transport header that generated the ICMP unreachable packet. In the case of UDP, you can fit the entire header in the ICMP unreachable packet. In the case of TCP, you obviously won't get the entire header in there. I believe the purpose of those 8 bytes is to be informative as to what packet caused the error (debugging).

The choice as to what is placed in those 8 bytes is dependent upon the packet that triggered the unreachable. Or in your case, the type of unreachable you want to simulate.

I hope this helps.

• -Jeff
• --On Tuesday, February 25, 2003 11:16:51 -0500 libnet <libnet@intrusense.com> wrote:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

> Hello all,

• -- http://www.snort.org/~jeff (pgp key available) "Perhaps the greatest responsibility in promoting peace is that of protecting it."
• - Me

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)

iD8DBQE+W/cdEqr8+Gkj0/0RApFpAJ9a0G9L5uU7WwA/eRIEKuqovTpUSACcCqOY XlP+vCrnK8guLNJvxq4K3Z0=
=qCyW
-----END PGP SIGNATURE-----