Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] drop, icmp, rule 0 from broadcast? HELP!

To: [email protected]
Subject: Re: [FW-1] drop, icmp, rule 0 from broadcast? HELP!
From: "Reed Mohn, Anders" <[email protected]>
Date: Fri, 28 Dec 2001 10:55:48 +0100
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Uhh.  aren't "Service", and "Dest. port" meaningless for ICMP?

Anyway, setting up a rule to drop these packets
is not going to solve the problem, just hide it.

I'd get out a packet sniffer, and try to trace down
the source ASAP.

The "allow broadcasts"-setting only specifies whether
the broadcast address is regarded as a valid
IP-address for that particular network.
In other words, if it's on (allowed), any packets to/from it
will be allowed, and must be stopped by other rules.
If it's off, they will be stopped (by anti-spoofing checks, I guess).
In any case, you're gonna see the packets in the logs.

Cheers,
Anders :)


> -----Original Message-----
> From: Yanek Korff [mailto:[email protected]]
> Sent: 21. desember 2001 19:44
> To: [email protected]
> Subject: [FW-1] drop, icmp, rule 0 from broadcast? HELP!
>
>
> I have a FW in place, not yet in production, and it's
> CONSTANTLY loggging
> these drops:
>
> Interface: internal interface
> Type: log
> Action: drop
> Service: hiport (>1024)
> Source: 10.1.255.255
> Destination: Various internal 10.1.x.x hosts
> Proto: icmp
> Rule: 0
> S_Port: 771
>
> And I can't get them to stop logging.  What are these, and
> how do I get rid
> of them?  They're really filling up my FW logs.
>
> I've tried setting the network object "LAN" (10.1.0.0/255.255.0.0) to
> disallow broadcast... and allow broadcast... both to no avail.
>
> -Yanek.
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] drop, icmp, rule 0 from broadcast? HELP!
  - From: "Chris 'Chipper' Chiapusio" <[email protected]>

Prev by Date: [FW-1] FW-1 Log directory
Next by Date: Re: [FW-1] FW-1 Log directory
Previous by thread: Re: [FW-1] drop, icmp, rule 0 from broadcast? HELP!
Next by thread: Re: [FW-1] drop, icmp, rule 0 from broadcast? HELP!
Index(es):
- Date
- Thread