ICMP questions

Hi all!

My firewall seems to be blocking a lot of ICMP Type (11) Code (0) from random/unknown IP addresses. This can happen a lot in a day. What could be causing these? I’ve attached a snapshot of my firewall log. Here, the firewall seems to be blocking these every 30 mins.

Using Windows XP SP3.

[attachment deleted by admin]

All you ever wanted to know about time exceeded but never dared to ask:

http://www.cisco.com/web/about/security/intelligence/ttl-expiry.html

Thank you for the link. I tried reading it but some parts just kinda flew over me.

Correct me if I’m wrong, so my network is being attacked of sorts and CIS is doing its job by blocking it? Or am I just assuming too much and should not worry about it? I’m behind a router, is there any way to block this from the router?

You can maybe block it from the router, and most certainly from CIS global rules themselves, unlogging it if it bothers you.

I however don’t think you should.

Time exceeded is, generally speaking, a normal protocol and does not mean that you are attacked.

Only that a packet that went over the time set to receive it is sent back to its sender, to keep it from looping for an eternity on the web.
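Added example, not part of the original thread: per RFC 792, an ICMP Type 11 message quotes the IP header and first 8 bytes of the packet whose TTL ran out, so a captured one can be parsed to see whether it answers traffic your own machine sent. The function names, the local address 192.168.1.10 and the sample bytes are constructed assumptions.

```python
import socket
import struct

def parse_time_exceeded(icmp: bytes):
    """Return details of the packet quoted inside an ICMP type 11 message, else None."""
    if len(icmp) < 8 + 20 or icmp[0] != 11:
        return None
    inner = icmp[8:]                      # skip type, code, checksum, 4 unused bytes
    if inner[0] >> 4 != 4:                # quoted header must be IPv4
        return None
    ihl = (inner[0] & 0x0F) * 4           # quoted IP header length in bytes
    if ihl < 20 or len(inner) < ihl + 8:  # RFC 792: IP header + first 8 data bytes
        return None
    info = {
        "code": icmp[1],                  # 0 = TTL exceeded in transit
        "proto": inner[9],
        "orig_src": socket.inet_ntoa(inner[12:16]),
        "orig_dst": socket.inet_ntoa(inner[16:20]),
        "sport": None,
        "dport": None,
    }
    if info["proto"] in (6, 17):          # TCP and UDP both start with the ports
        info["sport"], info["dport"] = struct.unpack("!HH", inner[ihl:ihl + 4])
    return info

def answers_our_traffic(info, local_ips):
    """True when the quoted packet was sent from one of our own addresses."""
    return info is not None and info["orig_src"] in local_ips

def build_sample(src, dst, sport, dport):
    """Constructed test message: type 11 code 0 quoting a UDP packet (checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return struct.pack("!BBHI", 11, 0, 0, 0) + ip + udp

if __name__ == "__main__":
    LOCAL = {"192.168.1.10"}              # assumed LAN address of the PC
    for msg in (build_sample("192.168.1.10", "203.0.113.5", 40000, 33434),
                build_sample("198.51.100.7", "203.0.113.5", 1234, 53)):
        info = parse_time_exceeded(msg)
        print(info, "ours" if answers_our_traffic(info, LOCAL) else "not ours")
```

A quoted source that is not one of your addresses means the message does not correspond to anything you sent, which is the case worth a second look in the log.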

Thank you for this. I guess I’ll just ignore it.