Re: ICMP, normal traffic?
- From: Ansgar -59cobalt- Wiechers <usenet-2006@xxxxxxxxxxxxxxxx>
- Date: 2 Oct 2006 17:09:49 GMT
johnnypoll <jpollard@xxxxxxxxxxxxxxxx> wrote:
I had not replies to my earlier WAN Overload? email. Sadly our ISP has
simply said that our hardware would not be adversly affected by
broadcast traffic. Here is output from our firewall showing many ICMP
logs, is it normal to receive so many all within a second?
No, it's not normal to receive that many echo-requests. It may be
someone trying to DoS your uplink. The source IP looks like it's
dynamically assigned to dialup-users or something. The owner of the
netblock is Easynet [1], so you may want to contact them about this
matter.
However, since you said in your previous post that not only your inbound
but also your outbound traffic is unusually high, you may first want to
find out what's going on on your own network. Try inspecting the traffic
with a protocol analyzer (e.g. Wireshark [2]).
[1] http://www.easynet.net/
[2] http://www.wireshark.org/
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
.
- References:
- ICMP, normal traffic?
- From: johnnypoll
- ICMP, normal traffic?
- Prev by Date: Cisco Pix Firewall 520 (6 interface) for sales
- Next by Date: Re: Unusual problem. Could it be firewall acting up?
- Previous by thread: ICMP, normal traffic?
- Next by thread: Cisco Pix Firewall 520 (6 interface) for sales
- Index(es):
Relevant Pages
|
