
HP 9000 creating ping traffic to internet address

 
SOLVED
Dave Siegfried
New Member

HP 9000 creating ping traffic to internet address

Somehow our HP9000 (D380 box) is creating a ping to outside internet traffic by itself.
Does anyone know what may be causing this type of activity?

Thanks
Dave Siegfried
Vincent Stedema
Esteemed Contributor

Re: HP 9000 creating ping traffic to internet address

What's the OS version?
Could this possibly be the internet address of your default gateway that the box is trying to ping?

Regards,

Vincent
John Bolene
Honored Contributor

Re: HP 9000 creating ping traffic to internet address

I wonder if this is DNS type traffic.

Any idea what outside address is being pinged?

How do you know it is being pinged?
It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
Sridhar Bhaskarla
Honored Contributor

Re: HP 9000 creating ping traffic to internet address

Could be DNS or Sendmail. See if you are generating mails without specifying smart relay in your /etc/mail/sendmail.cf file.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Dave Siegfried
New Member

Re: HP 9000 creating ping traffic to internet address

A little more info. . . .

using HP-UX 11.00

The addresses seem to be universities.

Here are the addresses being "pinged":
128.118.25.3
128.175.7.39
128.105.39.11
192.31.216.38

These 4 addresses cycle through every few seconds. (None are our default gateway.)

Regarding how do we know that ping traffic is actually happening:

Our firewall keeps a log file of this traffic, which gets very large, quickly.

We are not using a smart relay in the sendmail.cf file.
Here is the setting in that file:
# "Smart" relay host (may be null)
DS

QUESTION:
Is this a normal activity (pinging the internet) for an HP9000 using sendmail?

Thanks for everyone's input
Dave
Christopher Caldwell
Honored Contributor
Solution

Re: HP 9000 creating ping traffic to internet address

I imagine that you're seeing the effect of
your ip_pmtu_strategy. Here's a tech note from HP that explains what's happening:

HPSBUX0001-110 Security Vulnerability with PMTU strategy (revised)

The documents are listed below.
-------------------------------------------------------------------------------


Document ID: HPSBUX0001-110
Date Loaded: 20000213
Title: Security Vulnerability with PMTU strategy (revised)

-------------------------------------------------------------------------
**REVISED01**HEWLETT-PACKARD COMPANY SECURITY ADVISORY: #00110, 24 Jan 2000
Last Revised: 11 Feb. 2000
-------------------------------------------------------------------------

The information in the following Security Advisory should be acted upon
as soon as possible. Hewlett-Packard Company will not be liable for any
consequences to any customer resulting from customer's failure to fully
implement instructions in this Security Advisory as soon as possible.

-------------------------------------------------------------------------
PROBLEM:  An HP-UX 10.30, 11.00, or 11.04 system can be used as an IP
          traffic amplifier. Small amounts of inbound traffic can result
          in larger amounts of outbound traffic.

PLATFORM: **REVISED01**
---->>>   HP-UX releases 10.30, 11.00 and 11.04 only.

DAMAGE:   Depending upon the amount and nature of inbound traffic, an
          HP-UX 10.30/11.00/11.04 system can be used to flood a target
          system with IP packets which could result in a denial of
          service.

SOLUTION: Set the NDD parameter ip_pmtu_strategy to 1.

AVAILABILITY: This capability is already available.
CHANGE SUMMARY: Added HP-UX VirtualVault release 11.04.
-------------------------------------------------------------------------
I.
   A. Background
      HP provides a proprietary method for determining PMTU. When
      traffic needs to be routed to a destination for which the optimum
      MTU has not been determined, ICMP packets are used to discover
      the MTU for that path while data traffic is shipped in parallel.
      This is the default strategy for determining PMTU.

   B. Recommended solution
      Reference ndd manpage (1M), /etc/rc.config.d/nddconf

      To ensure that this parameter is set each time the system
      is booted, add the following lines to /etc/rc.config.d/nddconf

          TRANSPORT_NAME[<index>]=ip
          NDD_NAME[<index>]=ip_pmtu_strategy
          NDD_VALUE[<index>]=1

      The value of <index> is an integer from 0 to 99. The first
      parameter specified in the file should use an <index> of
      0, the second an <index> of 1, and so on.

      Once these changes have been made, execute the following
      command:

          /usr/bin/ndd -c

      This sets all of the options specified in the file
      /etc/rc.config.d/nddconf.

      To verify that the parameter is set correctly, use the following
      command.

          /usr/bin/ndd -get /dev/ip ip_pmtu_strategy

      This should report a value of 1.

      Another way to change the ip_pmtu_strategy parameter on a running
      system is to use the following NDD command:

          /usr/bin/ndd -set /dev/ip ip_pmtu_strategy 1

      This setting will only last until the system is rebooted
      at which point the value of the parameter will be determined by the
      default value of 2 or whatever value is set in
      /etc/rc.config.d/nddconf
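
Added example, not part of the thread or of HP's advisory: a shell function that audits nddconf-style input for the persistent ip_pmtu_strategy entry described above, checking that the three lines share one index and that the value is 1. The function name, the status words it prints and the sample input are made up for this example; if the name appears more than once it reports the highest index.

```shell
#!/bin/sh
# Added example (not HP's code): check nddconf-style input for a persistent
# ip_pmtu_strategy=1 entry. Reads the file named in $1, or stdin.
# Prints one status line (status words are this example's own):
#   OK index=N | WRONG index=N value=V | INCOMPLETE index=N | MISSING next_index=N
audit_nddconf() {
    awk '
    BEGIN { max = -1 }
    {
        sub(/#.*/, "")                 # drop comments
        gsub(/[ \t]/, "")              # drop whitespace
        if ($0 !~ /^(TRANSPORT_NAME|NDD_NAME|NDD_VALUE)\[[0-9]+\]=/) next
        lb = index($0, "["); rb = index($0, "]")
        key = substr($0, 1, lb - 1)
        idx = substr($0, lb + 1, rb - lb - 1) + 0
        val = substr($0, index($0, "=") + 1)
        gsub(/"/, "", val)             # tolerate quoted values
        if (key == "TRANSPORT_NAME") tr[idx] = val
        else if (key == "NDD_NAME")  nm[idx] = val
        else                         vl[idx] = val
        if (idx > max) max = idx
    }
    END {
        found = -1
        # If the name appears twice, report the highest index (example choice).
        for (i = 0; i <= max; i++) if (nm[i] == "ip_pmtu_strategy") found = i
        if (found < 0) { print "MISSING next_index=" (max + 1); exit }
        # All three lines must share one index and use the ip transport.
        if (tr[found] != "ip" || !(found in vl)) { print "INCOMPLETE index=" found; exit }
        if (vl[found] == "1") print "OK index=" found
        else print "WRONG index=" found " value=" vl[found]
    }' "$@"
}

# Constructed sample input: the entry is present but still holds the value 2.
audit_nddconf <<'EOF'
TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_forwarding
NDD_VALUE[0]=0
TRANSPORT_NAME[1]=ip
NDD_NAME[1]=ip_pmtu_strategy
NDD_VALUE[1]=2
EOF
```

A MISSING result gives the index to use for the three new lines; the running value still has to be confirmed with the ndd -get command from the advisory.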