Results 1 to 9 of 9

Thread: Cisco IDS reporting strange ICMP DoS attempts

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

November 8th, 2006, 11:22 PM #6
Lv4

View Profile

View Forum Posts

Visit Homepage
Senior Member

Join Date

Mar 2003

Posts

372
Originally Posted by Net2Infinity

I would look at your access-lists to see what traffic you are allowing from the outside interface to the DMZ. Sounds like you are allowing all ICMP inbound.

actually we aren't. We have some Fixup rules on the firewall that make it look like the balancer has ports open but in reality it doesn't. I've gone through all of the ACLs and no ICMP is allowed inbound. The PIX is reporting it to the internal IP simply because it is a NAT'd address for the same box... no traffic is really making it there.

That was one of the first things I was worried about also. ICMP inbound = bad.

Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.
Reply With Quote

Quick Navigation IDS & Scanner Discussions Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: Cisco IDS reporting strange ICMP DoS attempts

Thread Tools

Display

Threaded View

Posting Permissions