Pure python ping is causing my Zyxel router to trigger bad-icmp-l4-size ATTACK warning [closed]

StackOverflow https://stackoverflow.com/questions/20644595

  •  19-09-2022

I'm using the pure Python ping utility from ftp://ftp.visi.com/disk3/mdc/ping.py to monitor hosts across the network, and my ZyWALL USG200 router is complaining like this:

from Any to DMZ, [type=ICMP-Decoder(8911017)] bad-icmp-l4-size ATTACK bad-icmp-l4-size Action: No Action Severity: medium

What could be wrong?

UPD: I'll try to capture actual packets via USG's maintenance menu and compare with Linux ping...


Solution 2

I've copied the ping packet contents from a Wireshark analysis of captured packets - the code had it as 192 letters Q, ping had it a bit differently:

replace or insert after line 128

data = 192 * 'Q'

the correct definition of packet contents

data = 'e283030000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'.decode("hex")

and warnings went away.

But indeed I may want to look for a cleaner implementation, as José suggests.

Other tips

According to the warning of your router, it looks like the ICMP packet is not well formed. In particular, the size of layer 4 (ICMP) of the packet seems to be wrong (bad-icmp-l4-size).

You should use something like tcpdump to get the content of the sent package, using something like:

sudo tcpdump -nnvXS -c1 icmp

In your situation, I'd rather look for another implementation. That code is a mess.
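
An added example (not code from ping.py or from either answer) that builds an ICMP echo request around each of the two payloads quoted above and reports what a decoder would see: the layer-4 size and whether the checksum verifies. It assumes the payload is sent exactly as given, with nothing else appended by the script; the identifier and sequence values are arbitrary, and the router's actual size rule is not stated on this page.

```python
import struct

ICMP_ECHO_REQUEST = 8

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Return the ICMP message (no IP header) with a valid checksum."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload

def describe(icmp: bytes) -> dict:
    """Parse an ICMP message (IP header already stripped)."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    typ, code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "type": typ, "code": code, "id": ident, "seq": seq,
        "l4_size": len(icmp),                # ICMP header + payload
        "payload_size": len(icmp) - 8,
        # Summing a message that includes a correct checksum yields 0.
        "checksum_ok": inet_checksum(icmp) == 0,
    }

# The two payloads quoted in the answer above.
SCRIPT_PAYLOAD = 192 * b"Q"
CAPTURED_PAYLOAD = bytes.fromhex(
    "e283030000000000"
    "101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637")

if __name__ == "__main__":
    for name, payload in (("192 x 'Q'", SCRIPT_PAYLOAD), ("captured", CAPTURED_PAYLOAD)):
        pkt = build_echo_request(ident=0x1234, seq=1, payload=payload)  # arbitrary id/seq
        print(name, describe(pkt))
```

The `describe` function can also be pointed at the ICMP bytes taken from a tcpdump or Wireshark capture to compare the script's packets with those of the system ping.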

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow