
Re: [FW1] OT: ICMP Packets from Boundary Router in FW-1 Logs



This is likely to be ICMP destination unreachable packets coming
from the router back to the source. If your connection to your
ISP was down, the router will notify the source that the destination
cannot be reached.

If you have the Any Any Any Drop Long catch all rule at the
end of your policy, it should show the ICMP information necessary
to determine whether the packets are ICMP unreachable...

Steve

[email protected] wrote:

> Hi All,
>
> Sorry this is a bit off topic but I always welcome your input.  I looked for
> a more appropriate forum but could not find one active enough.
>
> My firewall logs are showing ICMP traffic coming from the internal interface
> of my boundary router, destined for seemingly random addresses within my
> internal network.  This has been occurring for some time but was only noticed
> when the connection to our ISP was down.
>
> The internal interface of my boundary router??  There is no evidence of a
> compromise of the boundary router, as the configuration has not changed, and
> the ICMP traffic continued while our ISP connection was down.  Additionally,
> I was the only one logged in to our boundary router while the traffic
> persisted.
>
> The router is a Cisco 2514 running IOS 11.2.  I know this is more of a Cisco
> issue, but it could also become a security issue.
>
> Any ideas or suggestions are welcome.  Thanks as always,
>
> Andy
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

--
Steven Lee, CISSP                  Senior Network Security Engineer   FAX
AVCOM Technologies, Inc            Pager
4636 E Marginal Way S, Ste B-100   http://www.avcom.com
Seattle, WA 98134-2383             mailto:[email protected]
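
Added example (not part of the original message or thread): Python code for the check described in the reply above, deciding from a logged packet whether it is an ICMP destination unreachable and recovering the original flow from the IP header the router embeds in the ICMP message. All addresses, the sample packet and the function names are constructed for illustration.

```python
import socket
import struct

# ICMP type 3 (destination unreachable) codes, RFC 792; code 13 is from RFC 1812
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed", 13: "administratively prohibited"}

def parse_ipv4_header(data):
    """Return (header_len, protocol, src, dst) of an IPv4 header."""
    if len(data) < 20 or data[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (data[0] & 0x0F) * 4
    if ihl < 20 or len(data) < ihl:
        raise ValueError("truncated IPv4 header")
    return ihl, data[9], socket.inet_ntoa(data[12:16]), socket.inet_ntoa(data[16:20])

def classify(packet):
    """Describe a logged IP packet; for unreachables, recover the original flow."""
    ihl, proto, src, dst = parse_ipv4_header(packet)
    info = {"sender": src, "recipient": dst, "unreachable": False}
    icmp = packet[ihl:]
    if proto != 1 or len(icmp) < 8 or icmp[0] != 3:
        return info  # not ICMP type 3
    info["unreachable"] = True
    info["reason"] = UNREACH_CODES.get(icmp[1], "code %d" % icmp[1])
    # After the 8-byte ICMP header comes the IP header of the packet that
    # could not be delivered: its source is the host being notified.
    try:
        _, _, info["original_src"], info["original_dst"] = parse_ipv4_header(icmp[8:])
    except ValueError:
        pass  # embedded header missing or truncated
    return info

def build_ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0) for the sample below."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

# Constructed sample: internal host 10.1.1.25 tried to reach 198.51.100.7 while
# the uplink was down; the router's inside interface (10.1.1.1) answers with
# ICMP type 3 code 1, which is the packet the firewall then logs.
ORIGINAL = build_ipv4("10.1.1.25", "198.51.100.7", 6, b"\x04\x00\x00\x50" + b"\x00" * 4)
SAMPLE = build_ipv4("10.1.1.1", "10.1.1.25", 1, bytes([3, 1, 0, 0, 0, 0, 0, 0]) + ORIGINAL)

if __name__ == "__main__":
    print(classify(SAMPLE))
```

If original_src matches the logged destination, the router is only answering traffic that the internal host itself sent.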




   All contents © 2004 Network Presence, LLC. All rights reserved.