[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] ICMP Flood from Internal IP
----Original Message Follows---- From: "Carrico, Emily" To: "Fw-1-Mailinglist (E-mail)" Subject: [FW1] ICMP Flood from Internal IP Date: Tue, 24 Apr 2001 13:55:08 -0400 We have FW1, v4.1 running on an NT4 machine. Last week I installed BlackICE Defender on my workstation which sits on our internal segment. Over the weekend BlackICE recorded an ICMP Flood attack coming from the internal interface on the firewall with the following information detailed: IP: internal NIC ip DNS: internal NIC ip dns name NetBIOS: OS administrator name Node: name of machine Group: WORKGROUP MAC: MAC address Has any one seen this before? Is this a false positive? Is there anything on the fw that could cause this type of traffic, besides the fw being compromised? And if it has been compromised, what should I be looking for on the machine itself? Thanks for your help, ^ Emily Carrico ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|