
Cary Stotland

  1. I'm noticing some suspicious syslog messages from my edge router. Here's an example:

         Mar 27 17:49:49 192.168.1.2 Fri Mar 27 16:50:06 2009 ALLSAINTS System Log: Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.197 to 85.224.97.188
         Mar 27 17:49:49 192.168.1.2 Fri Mar 27 16:50:06 2009 ALLSAINTS System Log: Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.197 to 85.224.97.188
         Mar 27 18:11:24 local Listening for Syslog messages on IP address: 192.168.1.197
         Mar 27 18:27:20 192.168.2.254 -- MARK --
         Mar 27 18:38:41 192.168.1.2 Fri Mar 27 17:39:02 2009 ALLSAINTS System Log: Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.197 to 206.173.194.111
         Mar 27 18:38:44 192.168.1.2 Fri Mar 27 17:39:05 2009 ALLSAINTS System Log: Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.197 to 206.173.194.111

     Searching for "Blocked outgoing ICMP packet (ICMP type 3)" via Google hit dozens of responses indicating the same issue, lots of discussion and requests for further info, but no real answers as to the source of these errant packets.

     I can't quite accept that these are ping-sweep responses. The "source" is my PC, and I'm behind at least three NAT boundaries with no port-forwarding happening on my router. I also have other devices on the net, but only the one PC is ever the source. All of the documented responses I've found have included multiple sweeps by anti-malware, virus and rootkit detectors without any positive results noted.

     Does anyone know what the source of this traffic might be? Torrent software has been put forth as a possible source. I occasionally use BitTorrent, but AFAIK it has no "preload" process or service, and I only use it when needed.

     Cary Stotland