r------------------------------- CST8165 Lab Attendance Exercise #90 - Week 10 ------------------------------- -Ian! D. Allen - idallen@idallen.ca - www.idallen.com This quick exercise is to register your attendance in this lab this week. Submit: cstsubmit 90 attendance.txt At 00:36 this morning, my home computer received the following ICMP packets (logged here by the iptables LOG facility): Nov 6 00:36:25 elm kernel: IPT_REL IN=ppp0 OUT= MAC= SRC=91.96.191.84 DST=66.11.100.100 LEN=88 TOS=0x00 PREC=0x00 TTL=239 ID=2406 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=91.96.191.84 [SRC=66.11.100.100 DST=91.96.191.84 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=11951 DF PROTO=TCP SPT=55947 DPT=52525 WINDOW=5648 RES=0x00 SYN URGP=0 ] Nov 6 00:36:25 elm kernel: Redirect from 91.96.191.84 on ppp0 about 91.96.191.84 ignored. Nov 6 00:36:25 elm kernel: Advised path = 66.11.100.100 -> 91.96.191.84 Nov 6 00:36:28 elm kernel: IPT_REL IN=ppp0 OUT= MAC= SRC=91.96.191.84 DST=66.11.100.100 LEN=88 TOS=0x00 PREC=0x00 TTL=239 ID=2407 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=91.96.191.84 [SRC=66.11.100.100 DST=91.96.191.84 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=11952 DF PROTO=TCP SPT=55947 DPT=52525 WINDOW=5648 RES=0x00 SYN URGP=0 ] Nov 6 00:36:28 elm kernel: Redirect from 91.96.191.84 on ppp0 about 91.96.191.84 ignored. Nov 6 00:36:28 elm kernel: Advised path = 66.11.100.100 -> 91.96.191.84 [... repeat several more times ...] The item inside square brackets is supposedly the header of the packet being redirected. (It's faked.) 1. What is the meaning of the given ICMP type and code? (see Google) 2. What is the cracker on host 91.96.191.84 trying to do to my machine? 3. What domain name goes with 91.96.191.84, and where is the host located? 4. Why was the ICMP request ignored by my Linux kernel?