Security Basics mailing list archives

RE: Strange response from PIX

From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Fri, 1 Jul 2005 09:43:18 +0100

Was the PIX connected to the internet at the time?

-----Original Message-----
From: dissolved [mailto:dissolved () comcast net] 
Sent: 30 June 2005 01:48
To: security-basics () securityfocus com
Subject: Strange response from PIX

Hi all,

From the DMZ (1.0), I ran an nmap scan (-sA switch) towards the subnet

my
PIX protects (192.168.2.0 /24).  I ran a sniffer while doing this, and
noticed the PIX responded with an ip of 10.89.112.1     I dont have a
class
A scheme.  Why is this 10.88.112.1 address showing up from the PIX?


05:10:05.232940 IP (tos 0x0, ttl 254, id 39360, offset 0, flags [none],
proto: ICMP (1), length: 56) 10.89.112.1 > 192.168.1.5: ICMP host
192.168.2.1 unreachable - admin prohibited filter, length 36

thanks

Current thread:

RE: Strange response from PIX dissolved (Jul 04)
- RE: Strange response from PIX Vinny Lape (Jul 05)
  - RE: Strange response from PIX jpippin (Jul 11)
- <Possible follow-ups>
- RE: Strange response from PIX Andrew Shore (Jul 04)
- RE: Strange response from PIX Fields, James (Jul 05)