ports/140867: [nagios-plugins/check_icmp] default packets size is 68 bytes which is blocked on many gateways
Helmut Schneider
jumper99 at gmx.de
Wed Nov 25 16:40:02 UTC 2009
>Number: 140867
>Category: ports
>Synopsis: [nagios-plugins/check_icmp] default packets size is 68 bytes which is blocked on many gateways
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Nov 25 16:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Helmut Schneider
>Release: 8.0-RELEASE
>Organization:
>Environment:
FreeBSD BSDHelmut.charlieroot.de 8.0-RELEASE FreeBSD 8.0-RELEASE #1: Mon Nov 23 18:31:07 CET 2009 root at BSDHelmut.charlieroot.de:/usr/obj/usr/src/sys/GENERIC-QUOTA-PF-ALTQ amd6
>Description:
Since 8.0 check_icmp sends an echo request packet of 68 byte payload which is blocked on many gateways. < 8.0 sends a packet of 56 byte which is fine (and according to man 8 ping the default).
>How-To-Repeat:
/usr/local/libexec/nagios/check_icmp -H $server
-> timeout, dropped by gateway
e.g. Checkpoint gateway reports:
Number: 57034
Date: 25Nov2009
Time: 17:17:31
Interface: EL90XBC2
Action: Drop
Protocol: icmp
Source: ****
Destination: ****
Information: Packet info: Packet data size: 68
ICMP: Echo Request
ICMP Type: 8
ICMP Code: 0
Attack: Large ping
Attack Information: Echo request too big
Origin: FIRE
Product: SmartDefense
SmartDefense Profile: Default_Protection
Type: Log
Policy Info: Policy Name: default
Created at: Mon Oct 12 15:31:50 2009
Installed from: FIRE
>Fix:
/usr/local/libexec/nagios/check_icmp -b 64 -H $server
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list