[ILUG] "Admin prohibited filter"

Kenn Humborg kenn at bluetree.ie
Wed Mar 22 10:47:03 GMT 2000


> got something in my tcpdump logs that I hadn't seen before.  From about
> 1am till 5am, every half hour, I got an entry like this :
>
> 00:44:20.137989 165.21.XX.XXX > 194.145.131.102: icmp: host 155.69.X.XXX unreachable - admin prohibited filter
>
> (The uncensored IP address was my own dialup address)

Your machine tried to send an IP packet to 155.69.x.xxx.  The
intermediate router at 165.21.xx.xxx was configured to reject
that type of packet, and send back 'admin prohibited filter'
in the ICMP packet with the reason.

For example, Linux IP 'reject' firewalling rules send back
these ICMP packets.  'deny' rules just silently drop traffic.

Ever seen this in a traceroute?

12  159.134.244.179 (159.134.244.179)  28.370 ms !X 79.128 ms !X 47.116 ms !X

Those !X things mean 'admin prohibited filter'.  In other words,
an admin has configured a router or host to reject that type of
packet.

Look back a few seconds through the tcpdump logs and see what
you tried to send to 155.69.x.xxx.  That should give you a
clue as to what generated the traffic.

Later,
Kenn
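
The look-back suggested in the reply above, as an added example that is not part of the original post: it scans tcpdump text output for 'admin prohibited filter' replies and lists what was sent to the blocked host in the seconds before each one. It assumes numeric IPv4 output in the format quoted above; the sample lines, the 5-second window and all function names are constructed for illustration.

```python
import re

# Constructed sample capture in the tcpdump text format quoted above
# (documentation addresses; 198.51.100.7 plays the local dialup host).
SAMPLE = """\
00:40:00.000100 198.51.100.7.1030 > 203.0.113.20.80: S 100:100(0) win 32120 (DF)
00:44:18.500000 198.51.100.7.1031 > 192.0.2.53.53: 4242+ A? example.org. (29)
00:44:19.902113 198.51.100.7.1045 > 203.0.113.20.6667: S 771:771(0) win 32120 (DF)
00:44:20.137989 192.0.2.1 > 198.51.100.7: icmp: host 203.0.113.20 unreachable - admin prohibited filter
"""

# time, optional "IP " prefix (newer tcpdump), source, destination, remainder
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) (?:IP )?(\S+) > (\S+): (.*)$")
REJECT = re.compile(r"icmp:? host (\S+) unreachable - admin prohibited filter", re.I)

def parse(line):
    """Split one tcpdump line into (seconds since midnight, src, dst, rest)."""
    m = LINE.match(line.strip())
    if not m:
        return None
    h, mi, s, src, dst, rest = m.groups()
    return int(h) * 3600 + int(mi) * 60 + float(s), src, dst, rest

def host_of(endpoint):
    """'203.0.113.20.6667' -> '203.0.113.20' (IPv4 with optional port)."""
    return ".".join(endpoint.split(".")[:4])

def find_rejected(lines, window=5.0):
    """For each 'admin prohibited filter' reply, list the packets sent to the
    blocked host in the preceding `window` seconds (modulo handles midnight)."""
    sent, results = [], []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, src, dst, rest = rec
        m = REJECT.search(rest)
        if m:
            blocked = m.group(1)
            causes = [l for t, d, l in sent
                      if d == blocked and (ts - t) % 86400 <= window]
            results.append((src, blocked, causes))
        else:
            sent.append((ts, host_of(dst), line.strip()))
    return results

if __name__ == "__main__":
    for router, blocked, causes in find_rejected(SAMPLE.splitlines()):
        print(router, "rejected traffic to", blocked, "after:", causes)
```

On the sample, only the 00:44:19 SYN to port 6667 is reported; the earlier packet to the same host falls outside the window and the DNS query went to a different host.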





