[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] icmp packet drops?
Hello Matt, The reason for this is because Smartdefense is dropping the icmp packet. Smartdefense is kind of like having an 'mini IDS'. Among other things, it ensures that the icmp packet conforms to the max ping size as specified in the smartdefense configuration - which defaults to 64 bytes. As your log shows 'Packet data size: 75' this will be dropped, You can disable this on the firewall or configure the max size to something greater than the current value. Regards, Paul Dawson -----Original Message----- From: Matt Kehler [mailto:[email protected]] Sent: 22 August 2003 16:44 To: [email protected] Subject: [FW-1] icmp packet drops? Out of nowhere, I seem to be getting a lot of ICMP drops as per below. Any reason why I would be getting these out of nowhere? Since they are not rule generated; how can I turn off the logging on them? A setting in global properties I assume, or can I do it per enforcement module? NG AI on IPSO 3.7 build 23. Number: 1159 Date: 22Aug2003 Time: 11:37:27 Product: SmartDefense Interface: eth1c0 Origin: xxxxxxxxxxxxx Type: Log Action: Drop Protocol: icmp Source: xxxxxxxxxxxxxxxxxx Destination: xxxxxxxxxxxxxxxxxxx Attack Name: Large ping Information: Packet data size: 75 Attack Info: Echo request too long icmp-type: 8 icmp-code: 0 thx Matt ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= Please note that: 1. This e-mail may constitute privileged information. If you are not the intended recipient, you have received this confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate or in any other way use or rely on this information. 2. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business practices. 3. The contents of this email are those of the individual and do not necessarily represent the views of the company. 4. The company does not conclude contracts by email and all negotiations are subject to contract. 5. The company accepts no responsibility once an e-mail and any attachments is sent. http://www.activis.com This annotation was added by the e-scan service. http://www.activis.com ---------------------------------------------------------------------------------- This message has been checked for all known viruses by e:)scan. For further information please contact [email protected] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|