Self2WAN ICMP type b Detected!

Retired_Member · ‎2015-04-07

I've been getting a few minor disconnections lately but nothing in the logs suggest what is causing it however I did notice a lot of these pop up:

[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is dro Wednesday, Apr 08,2015 00:24:56

[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is dro Wednesday, Apr 08,2015 05:44:59

The first one pasted here was 13 minutes before my twitter password was changed by someone that was not myself.

I'm highly concerned on what is actually happening now.

James_Watson · ‎2015-04-07

I think the ICMP packet is a normal TCP/IP packet. Do not worry about it.
It is for general calculation about network path.
For example, when we run command, ping, to some destination on our windows 7, it will generate some ICMP packets to the routers between my PC to the destination.

Retired_Member · ‎2015-04-09

Respond to ping is not enabled. This has only started happening in recent days, before this it was fine. I've also been getting brief disconnections too.

Retired_Member · ‎2015-04-09

This is my entire log of today so far.

[Admin login] from source 192.168.0.11, Thursday, Apr 09,2015 16:03:59
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:51:25
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:50:29
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:50:16
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:49:11
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:49:01
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:48:31
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:48:19
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:47:59
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:47:37
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:42:59
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:42:49
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:42:37
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:42:27
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:42:12
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:42:00
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:41:48
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:41:36
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:41:25
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:41:12
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:40:51
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:38:11
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:37:51
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:37:27
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:37:16
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:36:59
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Apr 09,2015 15:36:42
[DHCP IP: (192.168.0.5)] to MAC address 30:39:26:90:AA:59, Thursday, Apr 09,2015 14:48:39
[DHCP IP: (192.168.0.4)] to MAC address 20:10:7A:4E:86:66, Thursday, Apr 09,2015 13:42:10
[DHCP IP: (192.168.0.11)] to MAC address 9C:D2:1E:43:F5:9B, Thursday, Apr 09,2015 13:14:50
[DHCP IP: (192.168.0.4)] to MAC address 20:10:7A:4E:86:66, Thursday, Apr 09,2015 12:49:54
[DHCP IP: (192.168.0.2)] to MAC address D0:51:62:ED:F7:84, Thursday, Apr 09,2015 12:04:01
[DHCP IP: (192.168.0.3)] to MAC address 44:74:6C:B7:D4:AF, Thursday, Apr 09,2015 10:22:39
[DHCP IP: (192.168.0.4)] to MAC address 20:10:7A:4E:86:66, Thursday, Apr 09,2015 07:56:52
[DHCP IP: (192.168.0.2)] to MAC address D0:51:62:ED:F7:84, Thursday, Apr 09,2015 07:47:37
[DHCP IP: (192.168.0.5)] to MAC address 30:39:26:90:AA:59, Thursday, Apr 09,2015 03:17:27
[DHCP IP: (192.168.0.11)] to MAC address 9C:D2:1E:43:F5:9B, Thursday, Apr 09,2015 01:14:51
[DHCP IP: (192.168.0.11)] to MAC address 9C:D2:1E:43:F5:9B, Thursday, Apr 09,2015 01:05:00
[DHCP IP: (192.168.0.11)] to MAC address 9C:D2:1E:43:F5:9B, Thursday, Apr 09,2015 00:03:37
[DHCP IP: (192.168.0.11)] to MAC address 9C:D2:1E:43:F5:9B, Thursday, Apr 09,2015 00:03:05

Babylon5 · ‎2015-04-09

What model of router do you have?

Perhaps you should try to get your Public IP address changed. With a Cable service this is easily done in the router settings by changing the router’s reported MAC Address, change between ‘Default’ and ‘Use Computer MAC Address’ then reboot the modem so that it registers the new MAC address. With a DSL connection the IP may change more frequently anyway, but you could contact your ISP and ask them to change your Public IP.

Retired_Member · ‎2015-04-09

It's an N300.

My IP is fixed which according to my ISP means that it will only change after 30 days of internet inactivity. I've already had my IP changed twice within the last year due to recurrent denial of service attacks (it reported storm packets and I know who was responsible). My ISP isn't going to be pleased that I got yet another issue.

If I understood correctly, does changing the MAC address change the public IP?

Can you explain precisely what my the logs reported actually mean? That's one thing I can't seem to find at all.

Babylon5 · ‎2015-04-09

Well I’m no expert on that specific message, but it crops up quite a lot in Internet searches which suggest to me that it’s triggered by external events and not sourced from your LAN / Router. In that case I would say that if anything your ISP has more control over the matter than you do, how could you possibly prevent traffic from appearing at your WAN port? You pay your ISP for a service so they be trying to help you. If you have been allocated with a static IP, then the trick of changing MAC address may well fail. What model of N300 do you have?

Retired_Member · ‎2015-04-09

Oh sorry, lol. I don't do much with the router so I briefly thought N300 was the model. It's a DGN2200.

Babylon5 · ‎2015-04-10

OK, well since it’s a DSL router then that MAC Address change doesn’t apply, even more so with a Static IP.

I don’t think that the log messages are a significant issue, they are far too infrequent to be a problem in themselves, and if I understood some of those webpages I looked at they are related to a computer somewhere mistakenly believing that your network has a DNS server, and if so it’s not a malicious action.

I suggest that you contact your ISP to see what they have to say.

Nonce · ‎2015-09-15

AFAIK this just means your router's firewall is doing its job, keeping people out who are probing your public IP connection. Type B - I am assuming is hexidecimal for type 11 - is the code for Network Unreachable, your routers response to the probe. My router typically responds with Type 3 (Destination Unreachable - what you get when you ping something that doesn't exist) however I have also seen type b in the log.

As far as the probe itself goes, I would suggest its nothing to worry about. There are actors, both good (researchers) and bad constantly probing the internet looking for entry points or information about what's connected. Changing MAC address wont affect anything outside your local LAN (as it is only used by ethernet protocols, not IP which ICMP messages are based on). I do suggest you make sure your router is running the latest firmware available - I believe it is also possible to install openWRT on that model if you're up for it.

If you have services open through your firewall I would recommend changing passwords to something very strong (ie: random), given that it is public facing, and look into restricting access to those ports from the IP addresses you know you use, such as an office IP, or a range which might include your local regional IP block. The log entries posted don't include source IPs but if you have those you could look up a couple to see where the traffic is coming from.

Regarding your twitter password change, it is more likely a coincidence, and that it was picked up by a keylogger (run some anti malware/rootkit scans), or someone listening to your traffic on wifi, or coming out of your router (although that last one less likely). It is also possible, depending if you reuse passwords, that the actor picked up your login and password from a hacked password list from another service, simply guessed it (there are many tools for this which can be particularly effective if your password is short or non-random) or somehow tricked the system into allowing them access to your account via some 'forgot my password' mechanism.

~H

spectrum · ‎2017-07-27

I worked in tech support for various ISP's for over a decade. At a DSL ISP, if you speak with a level 2 technician, they can speak to a level 3 technician on your behalf and have them log into the aggregator which in the DSL world we refer to them as REDBACKS. Within this aggregator the technician can clear the ip addresses that are currently bound to the MAC addresses that are pulling ip addresses(its important to clear them all there could be two to five in there.). Once this is done, and the MAC has been changed in the router as sugested in an earlier post. The new router's mac address WILL pull a new public ip address. I would strongly sauggest assigning your router a MAC address that is consistant with a different manufacturers MAC addressing scheme to ensure that it pulls a new public IP. The first six hexadecimal characters identify the manufacturer of that network device. You can find a list of manufacturer MAC addresses on the internet, the last 6 hexidecimal characters can be anything you like.

Self2WAN ICMP type b Detected!

Self2WAN ICMP type b Detected!

Re: Self2WAN ICMP type b Detected!

Re: Self2WAN ICMP type b Detected!

Re: Self2WAN ICMP type b Detected!

Re: Self2WAN ICMP type b Detected!

Re: Self2WAN ICMP type b Detected!

Re: Self2WAN ICMP type b Detected!

Re: Self2WAN ICMP type b Detected!

Re: Self2WAN ICMP type b Detected!

Re: Self2WAN ICMP type b Detected!

Re: Self2WAN ICMP type b Detected!