RE: [FW1] OT: ICMP Packets from Boundary Router in FW-1 Logs



What kind of ICMP? If the ISP link was down perhaps they were type 3
messages (Destination not reachable) - exactly what you would expect the
Cisco to be sending back since the destination wasn't reachable.

Geoff

-----Original Message-----
From: Reynolds, Tom [mailto:[email protected]]
Sent: Thursday, October 26, 2000 4:06 PM
To: '[email protected]'; [email protected]
Subject: RE: [FW1] OT: ICMP Packets from Boundary Router in FW-1 Logs



Can I quickly recommend you hook up a sniffer and confirm that they are
indeed ICMP from the correct MAC and IP Protocol?

Tom Reynolds, MCSE, CCNA
_________________________
Pilgrim Baxter and Associates
Network Security and Engineering
825 Duportail Rd.
Wayne, Pennsylvania [email protected]


-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, October 26, 2000 3:44 PM
To: [email protected]
Cc: [email protected]
Subject: [FW1] OT: ICMP Packets from Boundary Router in FW-1 Logs



Hi All,

Sorry this is a bit off topic but I always welcome your input.  I looked for
a more appropriate forum but could not find one active enough.

My firewall logs are showing ICMP traffic coming from the internal interface
of my boundary router, destined for seemingly random addresses within my
internal network.  This has been occurring for some time but was only noticed
when the connection to our ISP was down.

The internal interface of my boundary router??  There is no evidence of a
compromise of the boundary router, as the configuration has not changed, and
the ICMP traffic continued while our ISP connection was down.  Additionally,
I was the only one logged in to our boundary router while the traffic
persisted.

The router is a Cisco 2514 running IOS 11.2.  I know this is more of a Cisco
issue, but it could also become a security issue.

Any ideas or suggestions are welcome.  Thanks as always,

Andy


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
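
The two checks suggested in this thread (confirm the source MAC and IP protocol on the wire, and see whether the ICMP is type 3) can be run against a captured frame as below. This is an added example, not part of the original posts; the MAC and IP addresses and the sample frame are constructed, and the function names are hypothetical. It goes one step further than the replies by decoding the datagram header quoted inside a type 3 message, which identifies the internal host whose traffic the router could not deliver.

```python
import socket
import struct

# Names for the ICMP Destination Unreachable (type 3) codes from RFC 792.
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed and DF set", 5: "source route failed"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def inspect_frame(frame, router_mac, router_ip):
    """Check one captured Ethernet II frame against the expected router
    identity and decode any ICMP error it carries."""
    src_mac, ethertype = mac(frame[6:12]), struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return {"is_icmp": False, "reason": "not IPv4"}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # IP header length in bytes
    proto, src_ip, dst_ip = ip[9], socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    out = {"is_icmp": proto == 1, "src_mac": src_mac, "src_ip": src_ip,
           "dst_ip": dst_ip, "ip_proto": proto,
           "from_router": src_mac == router_mac.lower() and src_ip == router_ip}
    if proto != 1 or len(ip) < ihl + 8:
        return out
    icmp_type, icmp_code = ip[ihl], ip[ihl + 1]
    out.update(icmp_type=icmp_type, icmp_code=icmp_code)
    if icmp_type == 3:
        out["meaning"] = UNREACH_CODES.get(icmp_code, "other unreachable")
        inner = ip[ihl + 8:]                 # quoted header of the datagram that failed
        if len(inner) >= 20:
            out["orig_src"] = socket.inet_ntoa(inner[12:16])
            out["orig_dst"] = socket.inet_ntoa(inner[16:20])
            out["orig_proto"] = inner[9]
    return out

def build_sample():
    """Constructed frame: router 192.0.2.1 tells 10.1.1.23 that 198.51.100.7 is unreachable."""
    def ip_hdr(proto, src, dst, total_len):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                           socket.inet_aton(src), socket.inet_aton(dst))
    quoted = ip_hdr(6, "10.1.1.23", "198.51.100.7", 40) + b"\x04\x01\x00\x50\x00\x00\x00\x01"
    icmp = struct.pack("!BBHI", 3, 1, 0, 0) + quoted      # checksums left zero in this sample
    ip = ip_hdr(1, "192.0.2.1", "10.1.1.23", 20 + len(icmp)) + icmp
    eth = bytes.fromhex("00a0c9112233") + bytes.fromhex("00107b445566") + b"\x08\x00"
    return eth + ip

if __name__ == "__main__":
    print(inspect_frame(build_sample(), "00:10:7b:44:55:66", "192.0.2.1"))
```

A frame whose `from_router` is false while the firewall log attributes it to the router's address points to a different sender on the segment rather than the router itself.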

