Security Basics mailing list archives
Re: unable to ping behind cisco pix firewall even no deny access list
From: Alexander Lukyanenko <sashman () ua fm>
Date: Sat, 6 Dec 2003 22:34:11 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Hilal,

Saturday, December 6, 2003, 5:58:43 PM, you wrote:

HH> I can browse the internet, telnet, msn, chatting, but I CAN'T do ping any
HH> internet host (like yahoo, or cnn)

This is a pretty typical behavior. The ICMP (ping) packets get dropped
somewhere along the path. It may be your firewall that disallows ICMP Echo
Requests and Responses. It may be your ISP. It may be the target host
(yahoo.com and microsoft.com, for instance, in fact DO block ICMP).

HH> and also some users can't access the
HH> internet web based BANK LOGIN ACCOUNT, and maybe other internet services!

Open the 443/TCP (outbound) port on the firewall, if it is not open already.
That would allow the users from inside the network to connect to the HTTP
Secure port (https://) on the outside machines, such as e-finance servers.

HH> if not, let me add some points that might make things clearer.

Please specify what machines are on the network, what OSes are running,
whether they are patched in time (especially the case with Windows systems),
and whether the IP addresses belong to the private subnets (do the IPs start
with 10 or 192.168?).

HH> Our network
HH> has been infected and still infected by a virus that is using one of the
HH> pc's to generate lots of arp traffic which is affecting the whole network
HH> throughput.

A common practice is to unplug the infected machines from the network and not
to connect them back until they are all cleaned up and double checked. I urge
you to do that now. You can save yourself a lot of headache in the future if
you deal with incidents as soon as they appear.

HH> could this be overwhelming the firewall buffer ? nevertheless, I
HH> reboot the cisco pix firewall, but the problem still the same, NO CHANGES.

It may be flooding the ARP table of the firewall.
(AFAIR, someone has recently asked how to flood the ARP table of a Cisco.)

HH> Moreover, I am using the Kiwi Syslog Daemon software to audit logs of the
HH> pix firewall, but it is not giving anything on the screen as it is saying
HH> "unable to open UDP socket on port 514".

What OS does the Kiwi syslogd run on? Is the system secure?

HH> Please tell me, is this issue related to the above-mentioned issue or what?
HH> if not, how to resolve it, knowing that i installed Fport and it showed me
HH> that udp port is already used by the system, with no service name mentioned.
HH> I wish you are not confused with these junk of issues, maybe it is related
HH> maybe not, but all i want to say that it happened all at once, and i am not
HH> able to figure out what could be the resolution steps.

* * * * * * * * * * * * * * * *
* Alexander V. Lukyanenko
* ma1lt0: sashman ua fm
* ICQ# : 86195208
* Phone : +380 44 458 07 23
* OpenPGP key ID: 75EC057C
* NIC : SASH4-UANIC
* * * * * * * * * * * * * * * *

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQE/0j1Llz+8e3XsBXwRAiuSAKCdxpWeEzv/GIAIN9vyu1M1H0qVIgCeLXVW
6wKHIMH1fvZjc4x/TccFdvo=
=Utka
-----END PGP SIGNATURE-----
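Finding the one PC that is generating the ARP flood is the first step before unplugging it, as the reply above suggests. The following is an added example, not part of the original post or of any tool it mentions: it ranks hosts on a segment by their ARP request rate and the number of distinct targets they ask for, from a text capture. The line shape it parses is a simplified form of tcpdump's `-e -nn` ARP output and is an assumption of this example, as are the rate and target thresholds; the sample capture is constructed in code, not taken from the poster's network.

```python
"""Rank hosts by ARP request rate to spot an ARP-sweeping machine.

Added example (not from the mailing-list post). Assumes a tcpdump-like line
format and constructs its own sample capture; thresholds are assumptions.
"""
import re
from collections import defaultdict

# Assumed line shape (simplified from `tcpdump -e -nn` ARP output):
#   HH:MM:SS.ffffff <src mac> > <dst mac>, ... Request who-has <ip> tell <ip>, ...
ARP_REQUEST_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+>\s+"
    r"(?P<dst>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}),.*?"
    r"Request who-has (?P<target>\d+(?:\.\d+){3}) tell (?P<sender>\d+(?:\.\d+){3})"
)


def build_sample_capture():
    """Constructed sample (not real traffic): a healthy host asks for its
    gateway twice and answers one reply, while an infected host sweeps
    192.168.1.0/24 with a request every 2 ms."""
    lines = [
        "10:00:00.000100 00:0c:29:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), "
        "length 42: Request who-has 192.168.1.1 tell 192.168.1.50, length 28",
        "10:00:01.500000 00:0c:29:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), "
        "length 42: Request who-has 192.168.1.1 tell 192.168.1.50, length 28",
        # A reply, not a request: the parser must ignore it.
        "10:00:00.200000 00:0c:29:11:22:33 > 00:0c:29:de:ad:00, ethertype ARP (0x0806), "
        "length 42: Reply 192.168.1.50 is-at 00:0c:29:11:22:33, length 28",
    ]
    for i in range(1, 255):
        us = 1000 + i * 2000  # microseconds after 10:00:00
        lines.append(
            f"10:00:00.{us:06d} 00:0c:29:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype ARP "
            f"(0x0806), length 42: Request who-has 192.168.1.{i} tell 192.168.1.77, length 28"
        )
    return "\n".join(lines)


def _ts_seconds(ts):
    """HH:MM:SS.ffffff -> seconds since midnight (assumes one capture day)."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def arp_request_stats(capture_text):
    """Per source MAC: request count, distinct who-has targets, first/last time."""
    stats = defaultdict(lambda: {"count": 0, "targets": set(), "first": None, "last": None})
    for line in capture_text.splitlines():
        m = ARP_REQUEST_RE.match(line)
        if not m:
            continue  # replies, non-ARP frames and malformed lines are skipped
        t = _ts_seconds(m.group("ts"))
        entry = stats[m.group("src")]
        entry["count"] += 1
        entry["targets"].add(m.group("target"))
        entry["first"] = t if entry["first"] is None else min(entry["first"], t)
        entry["last"] = t if entry["last"] is None else max(entry["last"], t)
    return stats


def flag_arp_scanners(capture_text, min_rate=20.0, min_targets=32):
    """Return [(src_mac, requests_per_second, distinct_targets)] for sources
    that look like a sweep: many distinct targets at a high request rate.
    The observed span is floored at 1 s so a sub-second burst is not divided
    by a near-zero interval. Thresholds are illustrative assumptions."""
    flagged = []
    for mac, e in arp_request_stats(capture_text).items():
        span = max(e["last"] - e["first"], 1.0)
        rate = e["count"] / span
        if rate >= min_rate and len(e["targets"]) >= min_targets:
            flagged.append((mac, round(rate, 1), len(e["targets"])))
    return sorted(flagged, key=lambda x: x[1], reverse=True)


if __name__ == "__main__":
    for mac, rate, targets in flag_arp_scanners(build_sample_capture()):
        print(f"{mac}: {rate} ARP requests/s across {targets} distinct targets")
```

On a real segment, feed it the output of a capture taken from a span/mirror port (for example `tcpdump -e -nn -l arp`), then check the flagged MAC against the switch's MAC address table to find the physical port to unplug. A host that legitimately asks for its gateway a few times stays well below both thresholds.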
Current thread:
- unable to ping behind cisco pix firewall even no deny access list Hilal Hussein (Dec 08)
- Re: unable to ping behind cisco pix firewall even no deny access list Alexander Lukyanenko (Dec 08)
- <Possible follow-ups>
- RE: unable to ping behind cisco pix firewall even no deny access list Charlie Winckless (Dec 09)