Security Basics mailing list archives
RE: Strange response from PIX
From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Fri, 1 Jul 2005 09:43:18 +0100
Was the PIX connected to the internet at the time? -----Original Message----- From: dissolved [mailto:dissolved () comcast net] Sent: 30 June 2005 01:48 To: security-basics () securityfocus com Subject: Strange response from PIX Hi all,
From the DMZ (1.0), I ran an nmap scan (-sA switch) towards the subnet
my PIX protects (192.168.2.0 /24). I ran a sniffer while doing this, and noticed the PIX responded with an ip of 10.89.112.1 I dont have a class A scheme. Why is this 10.88.112.1 address showing up from the PIX? 05:10:05.232940 IP (tos 0x0, ttl 254, id 39360, offset 0, flags [none], proto: ICMP (1), length: 56) 10.89.112.1 > 192.168.1.5: ICMP host 192.168.2.1 unreachable - admin prohibited filter, length 36 thanks
Current thread:
- RE: Strange response from PIX dissolved (Jul 04)
- RE: Strange response from PIX Vinny Lape (Jul 05)
- RE: Strange response from PIX jpippin (Jul 11)
- <Possible follow-ups>
- RE: Strange response from PIX Andrew Shore (Jul 04)
- RE: Strange response from PIX Fields, James (Jul 05)
- RE: Strange response from PIX Vinny Lape (Jul 05)