Strange ICMPLogD problem

Geoff Shang gshang at
Fri Nov 15 00:20:17 EST 2002


I'm investigating what seems to be excessive usage on my internet account.
This might not be related, but I'm getting errors like the following in

Nov 15 15:06:27 data icmplogd: destination unreachable from

This is coming up a lot, once every couple of minutes.  My investigating
doesn't resolve the address, but I've determined that it belongs to, whoever they are.  I've also seen this in syslog:

Nov 15 15:04:25 data named[302]: ns_forw: query( NS points to CNAME ( learnt (CNAME=

So it would seem that something or someone is trying to contact this IP
address in Korea.  But, and here's where I'm stumped, I don't know what is
doing this or how to find out.  I've tried doing a TCP dump on the ethernet
port that connects to the net.  In the below output, is my
box.  This output was produced by running tcpdump -nli eth1 |grep

15:12:22.006107 > 3055 (45)
15:12:22.212485 > icmp: udp 53 unreachable
15:12:30.004769 > 45347 (45)
15:12:30.210541 > icmp: udp 53 unreachable
15:12:40.002941 > 27563 (45)
15:12:40.209887 > icmp: udp 53 unreachable
15:12:46.002378 > 49109 (45)
15:12:46.224578 > icmp: udp 53 unreachable
15:13:06.008228 > 49109 (45)
15:13:06.233248 > icmp: udp 53 unreachable
15:13:16.006478 > 27563 (45)
15:13:16.212437 > icmp: udp 53 unreachable

So am I right in guessing that someone is sending ICMP packets from
somewhere pretending to be the IP in question, but I can't return them?  Is
this something I should be worried about?
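
One way to check whether each "udp port 53 unreachable" message in a capture like the one above answers a DNS query the local box sent a moment earlier, as an added example that is not part of the original post. The addresses are constructed documentation-range values (the post's own addresses are missing), and the line layout assumes the older `tcpdump -n` text format; `correlate` is a hypothetical helper name.

```python
import re
from datetime import datetime

# Constructed sample, not from the post: 192.0.2.10 stands in for the local
# box, 203.0.113.5 for the remote server, 198.51.100.7 for an unrelated host.
SAMPLE = """\
15:12:22.006107 192.0.2.10.1027 > 203.0.113.5.53: 3055 (45)
15:12:22.212485 203.0.113.5 > 192.0.2.10: icmp: 203.0.113.5 udp port 53 unreachable
15:12:30.004769 192.0.2.10.1027 > 203.0.113.5.53: 45347 (45)
15:12:30.210541 203.0.113.5 > 192.0.2.10: icmp: 203.0.113.5 udp port 53 unreachable
15:12:41.500000 198.51.100.7 > 192.0.2.10: icmp: 198.51.100.7 udp port 53 unreachable
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
QUERY = re.compile(rf"^(\S+) {IP}\.(\d+) > {IP}\.53: (\d+)")
UNREACH = re.compile(rf"^(\S+) {IP} > {IP}: icmp: {IP} udp port 53 unreachable")

def _ts(s):
    return datetime.strptime(s, "%H:%M:%S.%f")  # assumes no midnight rollover

def correlate(text, window=2.0):
    """Pair each ICMP port-53-unreachable with the latest outbound DNS query
    to that host within `window` seconds. Returns (paired, unsolicited)."""
    pending = {}  # remote IP -> [(time, local IP, source port, query id)]
    paired, unsolicited = [], []
    for line in text.splitlines():
        m = QUERY.match(line)
        if m:
            t, src, sport, dst, qid = m.groups()
            pending.setdefault(dst, []).append((_ts(t), src, int(sport), int(qid)))
            continue
        m = UNREACH.match(line)
        if not m:
            continue
        t, _sender, icmp_dst, target = m.groups()  # sender may be a router
        when = _ts(t)
        queue = pending.get(target, [])
        hit = next((q for q in reversed(queue) if q[1] == icmp_dst
                    and 0 <= (when - q[0]).total_seconds() <= window), None)
        if hit:
            queue.remove(hit)
            paired.append({"remote": target, "src_port": hit[2], "query_id": hit[3],
                           "delay": round((when - hit[0]).total_seconds(), 3)})
        else:
            unsolicited.append({"remote": target, "time": t})
    return paired, unsolicited

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

A paired entry means the ICMP message is the remote side's answer to local DNS traffic; an entry in the unsolicited list has no matching outbound query in the capture.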

