Bugtraq mailing list archives
Re: Checkpoint NG3 ICMP Flood
From: Michael Schwartzkopff <misch () multinet de>
Date: Mon, 18 Dec 2006 20:01:29 +0100
Am Montag, 18. Dezember 2006 12:14 schrieb bdmoraes () bol com br:
Dear All, I have one checkpoint NG3 in my company and verifying in Tracking i have tousands of events with ICMP type 8 and type 17. The events has origin in my internal networks, with one problem .. the Source IP is my PAT address for internal hosts to internet. Is there any bug of Checkpoint? Anyone already seen this event? I will go verify with sniffers and other tools, but this IP (Only for PAT) is no routeable in my internal networks... Thanks for attention. Poison
hi, perhaps related to: http://www.incidents.org/diary.php?storyid=1949&isc=ae18b977be6828a8c9bf904d72cc5630 Sniffer: depends on what platform you use: - Solaris: snoop - everything else: tcpdump Reading out the MAC adresses of there packets should give a clue in the direction where to search further. -- Dr. Michael Schwartzkopff MultiNET Services GmbH Bretonischer Ring 7 85630 Grasbrunn Tel: (+49 89) 456 911 - 0 Fax: (+49 89) 456 911 - 21 mob: (+49 174) 343 28 75 PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42
Attachment:
_bin
Description:
Current thread:
- Checkpoint NG3 ICMP Flood bdmoraes (Dec 18)
- Re: Checkpoint NG3 ICMP Flood Michael Schwartzkopff (Dec 18)
- Re: Checkpoint NG3 ICMP Flood Hugo van der Kooij (Dec 18)