Security Basics mailing list archives
ICMP Redirect Help
From: Rob Riskin <rriskin () gmail com>
Date: Tue, 27 Apr 2010 12:18:22 -0400
Hey everyone,

This is my first time writing to this list so please bear with me. I recently updated my Snort sensor to 2.8.6 yesterday and loaded it up and started receiving a bunch of ICMP Redirect Host alerts. The source is one of my layer 3 switches (but it routes as well) and the destinations are my two domain controllers (DNS, DHCP), my Exchange server, and about 18 random workstations.

Deeper in the packet it has an original source of 128.6.x.x block address which resolves to staff-108.scc.rutgers.edu or rutgers.edu addresses and then the destination is my internal servers. So somehow these source addresses are making their way into my network, accessing our switch and getting forwarded to certain servers.

I've googled to no end about this and find answers that it is just normal "bat" traffic or it could be the winfreeze exploit. I have firewalls blocking inbound traffic and I'm not sure how to determine the cause or reasoning behind these addresses. Our network has no affiliation with Rutgers so I have no idea why these addresses would be coming in. The only inbound traffic that our Exchange server should be receiving is from our spam filtering company and that is rule based via the firewall.

Can anyone point me in the right direction on where I should check or determine what this traffic even is or how to stop it? I have a laptop with Wireshark and am ready to sniff but I'm not sure at what point to sniff. If I sniff internally it's just going to be traffic from my router, not the external address.

Thanks in advance!
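For anyone triaging the same alert: an ICMP Redirect (type 5, RFC 792) carries the gateway the router recommends plus the IP header of the packet that triggered it. The decoder below is an added example, not part of the original post; the function names are hypothetical and the sample packet is constructed from documentation addresses.

```python
import ipaddress
import struct

REDIRECT_CODES = {0: "network", 1: "host", 2: "TOS and network", 3: "TOS and host"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_redirect(icmp: bytes) -> dict:
    """Decode an ICMP Redirect given the bytes that follow the outer IP header."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for a redirect plus embedded IPv4 header")
    icmp_type, code, _cksum, gateway = struct.unpack("!BBH4s", icmp[:8])
    if icmp_type != 5:
        raise ValueError(f"not a redirect (ICMP type {icmp_type})")
    inner = icmp[8:]                      # header of the packet that triggered it
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl:
        raise ValueError("malformed embedded IPv4 header")
    return {
        "code": REDIRECT_CODES.get(code, f"unknown ({code})"),
        "checksum_ok": inet_checksum(icmp) == 0,
        "use_gateway": str(ipaddress.IPv4Address(gateway)),
        "orig_src": str(ipaddress.IPv4Address(inner[12:16])),
        "orig_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "orig_proto": inner[9],
    }

def build_sample() -> bytes:
    """Constructed Redirect Host message (RFC 5737 documentation addresses)."""
    pk = lambda a: ipaddress.IPv4Address(a).packed
    # Embedded IPv4 header (its own checksum left 0, it is not verified here)
    # followed by the first 8 bytes of the original datagram, a UDP header.
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                        pk("192.0.2.10"), pk("198.51.100.20"))
    inner += struct.pack("!HHHH", 40000, 53, 8, 0)
    body = struct.pack("!BBH4s", 5, 1, 0, pk("192.0.2.254")) + inner
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    for field, value in parse_icmp_redirect(build_sample()).items():
        print(f"{field:12} {value}")
```

Feed it the ICMP payload exported from a capture taken on the segment between the alerting switch and one of the hosts named in the alert.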