RE: [FW1] OT: ICMP Packets from Boundary Router in FW-1 Logs
What kind of ICMP? If the ISP link was down perhaps they were type 3 messages (Destination not reachable) - exactly what you would expect the Cisco to be sending back since the destination wasn't reachable.

Geoff

-----Original Message-----
From: Reynolds, Tom [mailto:[email protected]]
Sent: Thursday, October 26, 2000 4:06 PM
To: '[email protected]'; [email protected]
Subject: RE: [FW1] OT: ICMP Packets from Boundary Router in FW-1 Logs

Can I quickly recommend you hook up a sniffer and confirm that they are indeed ICMP from the correct MAC and IP Protocol?

Tom Reynolds, MCSE, CCNA
_________________________
Pilgrim Baxter and Associates
Network Security and Engineering
825 Duportail Rd.
Wayne, Pennsylvania
[email protected]

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, October 26, 2000 3:44 PM
To: [email protected]
Cc: [email protected]
Subject: [FW1] OT: ICMP Packets from Boundary Router in FW-1 Logs

Hi All,

Sorry this is a bit off topic but I always welcome your input. I looked for a more appropriate forum but could not find one active enough.

My firewall logs are showing ICMP traffic coming from the internal interface of my boundary router, destined for seemingly random addresses within my internal network. This has been occurring for some time but was only noticed when the connection to our ISP was down.

The internal interface of my boundary router??

There is no evidence of a compromise of the boundary router, as the configuration has not changed, and the ICMP traffic continued while our ISP connection was down. Additionally, I was the only one logged in to our boundary router while the traffic persisted.

The router is a Cisco 2514 running IOS 11.2. I know this is more of a Cisco issue, but it could also become a security issue.

Any ideas or suggestions are welcome.

Thanks as always,
Andy

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================
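
The two checks suggested in this thread (source MAC and IP protocol from a sniffer capture, and whether the ICMP is type 3), written out as an added example that is not part of the original messages. It also reads the IP header that an ICMP error message quotes, which names the internal host whose packet triggered it. The frame, MAC address and IP addresses are constructed for illustration, and the function names are this example's own.

```python
import struct

def ip4(b):
    return ".".join(str(x) for x in b)

def parse_ipv4(buf):
    """Return (fields, payload) for an IPv4 header at the start of buf."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    return {"proto": buf[9], "src": ip4(buf[12:16]), "dst": ip4(buf[16:20])}, buf[ihl:]

def inspect_frame(frame, router_mac):
    """Check source MAC, IP protocol and ICMP type of one Ethernet II frame."""
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return {"is_icmp": False, "from_router_mac": src_mac == router_mac.lower()}
    ip, payload = parse_ipv4(frame[14:])
    out = {"from_router_mac": src_mac == router_mac.lower(),
           "is_icmp": ip["proto"] == 1, "src": ip["src"], "dst": ip["dst"]}
    if not out["is_icmp"] or len(payload) < 8:
        return out
    out["type"], out["code"] = payload[0], payload[1]
    # ICMP errors such as type 3 quote the IP header of the datagram that
    # triggered them (RFC 792), right after the 8-byte ICMP header.
    if out["type"] in (3, 11) and len(payload) >= 28:
        quoted, _ = parse_ipv4(payload[8:])
        out["quoted_src"], out["quoted_dst"] = quoted["src"], quoted["dst"]
    return out

def build_sample():
    """Constructed frame: router 10.1.0.1 tells host 10.1.2.3 that 198.51.100.7
    is unreachable (type 3, code 1). Checksums are zero and never verified here."""
    hdr = "!BBHHHBBH4s4s"
    quoted = struct.pack(hdr, 0x45, 0, 40, 1, 0, 63, 6, 0,
                         bytes([10, 1, 2, 3]), bytes([198, 51, 100, 7]))
    quoted += struct.pack("!HHI", 1024, 80, 1)  # first 8 bytes of the TCP header
    icmp = struct.pack("!BBHI", 3, 1, 0, 0) + quoted
    outer = struct.pack(hdr, 0x45, 0, 20 + len(icmp), 2, 0, 255, 1, 0,
                        bytes([10, 1, 0, 1]), bytes([10, 1, 2, 3]))
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + outer + icmp

ROUTER_MAC = "02:00:00:00:00:01"  # constructed value for the router's inside interface
SAMPLE = build_sample()

if __name__ == "__main__":
    print(inspect_frame(SAMPLE, ROUTER_MAC))
```

A frame whose `from_router_mac` is false but whose source IP is the router's address did not come from the router's interface, which is the case the sniffer check is meant to rule out.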