On Sat, 7 Jul 2001, Kurt Roeckx wrote:
> I upgraded from 2.4.3 to 2.4.6 two days ago, and suddenly get
> message like this:
>
> Jul 5 19:05:51 thunderbird kernel: ICMP NDISC: fake message with
> non-255 Hop Limit received: 249
> Jul 5 19:05:53 thunderbird last message repeated 2 times
> Jul 5 19:07:16 thunderbird last message repeated 20 times
[snip]
> Is this a bad thing? Can I do something to help debug this?
The specs require that all IPv6 neighbour discovery messages MUST be
originated in the same network. In your case, you're getting these
messages from over the Internet.
Someone is probably trying to do something nasty.
Still, I'd suggest getting tcpdump 3.6.2 (compiled with ipv6), and
capturing the traffic a bit if this happens again:
# tcpdump -n -s 512 -vvv icmp6
If you do capture something, please also describe your network topology.
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
|