mailing list archives
Re: Checkpoint NG3 ICMP Flood
From: Michael Schwartzkopff <misch () multinet de>
Date: Mon, 18 Dec 2006 20:01:29 +0100
Am Montag, 18. Dezember 2006 12:14 schrieb bdmoraes () bol com br:
I have one checkpoint NG3 in my company and verifying in Tracking i have
tousands of events with ICMP type 8 and type 17.
The events has origin in my internal networks, with one problem .. the
Source IP is my PAT address for internal hosts to internet.
Is there any bug of Checkpoint? Anyone already seen this event?
I will go verify with sniffers and other tools, but this IP (Only for PAT)
is no routeable in my internal networks...
Thanks for attention.
perhaps related to:
Sniffer: depends on what platform you use:
- Solaris: snoop
- everything else: tcpdump
Reading out the MAC adresses of there packets should give a clue in the
direction where to search further.
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B