What does the icmp_time_exceeded event mean?
It's its own ICMP message (it indicates a datagram whose TTL expired, so
for example traceroute uses these) - it does not have any relationship to
other ICMPs timing out.
Vern
Hi Vern,
Isn't there a possibility (an event) to recognize ICMP requests dropped
by the firewall, like the event connection_attempt in the case of TCP?
For example, this would be useful to detect the Welchia worm, which scans
for victims via ICMP.
Thanks,
christoph
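
The check asked about above, sketched as an added example (not part of the original thread and not Bro's own code): pair each ICMP echo request with its reply and report sources whose requests to several distinct hosts went unanswered. The record layout, the sample data, and the `reply_timeout` and `min_targets` thresholds are assumptions made for illustration.

```python
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

# Constructed sample records: (timestamp, src, dst, icmp_type, icmp_id, seq)
SAMPLE = [
    (0.00, "198.51.100.5", "192.0.2.1", ECHO_REQUEST, 1, 1),
    (0.10, "198.51.100.5", "192.0.2.2", ECHO_REQUEST, 1, 2),
    (0.15, "192.0.2.2", "198.51.100.5", ECHO_REPLY, 1, 2),
    (0.20, "198.51.100.5", "192.0.2.3", ECHO_REQUEST, 1, 3),
    (0.30, "198.51.100.5", "192.0.2.4", ECHO_REQUEST, 1, 4),
    (1.00, "198.51.100.9", "192.0.2.2", ECHO_REQUEST, 7, 1),
    (1.05, "192.0.2.2", "198.51.100.9", ECHO_REPLY, 7, 1),
    # Sent at the very end of the capture: too recent to call unanswered.
    (9.00, "198.51.100.9", "192.0.2.2", ECHO_REQUEST, 7, 2),
]


def unanswered_echo_sources(records, reply_timeout=5.0, min_targets=3):
    """Return {src: [dst, ...]} for sources with >= min_targets distinct
    destinations that never answered an echo request within reply_timeout."""
    records = sorted(records, key=lambda r: r[0])
    if not records:
        return {}
    capture_end = records[-1][0]
    pending = {}  # (src, dst, id, seq) -> time the request was seen
    for ts, src, dst, icmp_type, ident, seq in records:
        if icmp_type == ECHO_REQUEST:
            pending[(src, dst, ident, seq)] = ts
        elif icmp_type == ECHO_REPLY:
            # A reply travels dst -> src, so swap the addresses to match.
            key = (dst, src, ident, seq)
            sent = pending.get(key)
            if sent is not None and ts - sent <= reply_timeout:
                del pending[key]
    silent = defaultdict(set)
    for (src, dst, _ident, _seq), sent in pending.items():
        # Only count requests whose reply window closed inside the capture.
        if sent + reply_timeout <= capture_end:
            silent[src].add(dst)
    return {s: sorted(d) for s, d in silent.items() if len(d) >= min_targets}


if __name__ == "__main__":
    print(unanswered_echo_sources(SAMPLE))
```
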
Quoting Vern Paxson <vern@icir.org>: