[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200612182001.33173.misch@multinet.de>
Date: Mon, 18 Dec 2006 20:01:29 +0100
From: Michael Schwartzkopff <misch@...tinet.de>
To: bugtraq@...urityfocus.com
Subject: Re: Checkpoint NG3 ICMP Flood
Am Montag, 18. Dezember 2006 12:14 schrieb bdmoraes@....com.br:
> Dear All,
>
> I have one checkpoint NG3 in my company and verifying in Tracking i have
> tousands of events with ICMP type 8 and type 17.
>
> The events has origin in my internal networks, with one problem .. the
> Source IP is my PAT address for internal hosts to internet.
>
> Is there any bug of Checkpoint? Anyone already seen this event?
>
> I will go verify with sniffers and other tools, but this IP (Only for PAT)
> is no routeable in my internal networks...
>
> Thanks for attention.
> Poison
hi,
perhaps related to:
http://www.incidents.org/diary.php?storyid=1949&isc=ae18b977be6828a8c9bf904d72cc5630
Sniffer: depends on what platform you use:
- Solaris: snoop
- everything else: tcpdump
Reading out the MAC adresses of there packets should give a clue in the
direction where to search further.
--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists