WinkDB
Ping of death msg from firewall, clean domain controller origin
I am trying to figure out why our firewall is detecting ICMP (ping of death) coming from one of our remote DCs, going to machines on the main network (different subnet).
What is the DC trying to get from these machines and how do you stop it?
Going crazy with all the auto alerts from the firewall; it is polluting my e-mail.
Thanks
Has it always been like this? If not, has anything changed recently? Any replication going on with this remote DC?
ASKER
It is a one-way replication from the main DC on the main subnet. Sorry, I do not know that much in terms of details.
Thanks
An ICMP is just a "hello, are you there" package.
How do you know it's meant as a ping of death?
I suggest you just change the mailing rules so it doesn't report these.
Greetings,
LucF
LucF is right, what problems is this causing? I'm assuming you have AV running on the remote DC? If so, just write it off to a bad trip and adjust your notification metrics.
ASKER
I knew that much, I guess. I wanted to be more specific and figure out the on/off for the ICMP in regards to the remote DC communicating to the main subnet. Why does it only ask "are you there" to just a few machines, for example three out of twenty or so machines running?
The firewall just sees the packet size and generically alerts us to a ping of death. I am really just trying to learn what is going on. I will get there; just turning off the alert from the firewall is too simple. I guess it is not a crisis, so do not worry about it too much unless there is something I can learn from this.
Thanks
>>The firewall just sees the packet size and generically alerts us to a ping of death.
Ok, now I understand.
Run a virus scan on the sending server (even though you probably already have one running on that server):
http://www3.ca.com/virusinfo/virusscan.aspx
http://housecall.trendmicro.com/
If you have no luck with it, use this tool and post the logfile (after editing out your own domain name):
http://209.133.47.200/~merijn/files/HijackThis.exe
LucF
Your DCs will ping each other to verify connectivity.
If there is truly a ping of death coming from that DC, then that is malware of some type.
It won't have any real effect on today's systems, but I can imagine it is a pain to see all the alerts.
You might look at the following to ensure you have all the appropriate ports open for a DC on a firewall:
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q179/4/42.asp&NoWebContent=1
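
Added example (not part of the original thread, and not any firewall vendor's logic): a small classifier that separates a true ping of death, where a fragment's offset plus length runs past the 65535-byte IPv4 limit, from ICMP that is merely large, which is all a size-only rule like the one the asker describes can see. The 1024-byte threshold, the addresses and the sample packets are constructed assumptions.

```python
import struct

MAX_DATAGRAM = 65535  # largest IPv4 datagram the 16-bit Total Length field allows

def classify_icmp(packet: bytes, large_threshold: int = 1024) -> str:
    """Classify one raw IPv4 packet. large_threshold is an assumed alert size."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4                 # header length in bytes
    total_len, _ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    if packet[9] != 1:                           # IP protocol 1 = ICMP
        return "not-icmp"
    if ihl < 20 or total_len < ihl:
        return "malformed"
    data_len = total_len - ihl
    frag_offset = (flags_frag & 0x1FFF) * 8      # field counts 8-byte units
    more_frags = bool(flags_frag & 0x2000)
    # True ping of death: this fragment ends beyond the maximum datagram
    # size, so the reassembled packet cannot be legal.
    if ihl + frag_offset + data_len > MAX_DATAGRAM:
        return "ping-of-death"
    # Legal but big or fragmented: what a size-only rule reacts to.
    if frag_offset or more_frags or data_len > large_threshold:
        return "large-icmp"
    return "normal"

def build_ipv4(proto: int, data_len: int, offset_units: int = 0, mf: bool = False) -> bytes:
    """Constructed sample: 20-byte header (checksum left 0) plus zero-filled data."""
    flags_frag = (0x2000 if mf else 0) | offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + data_len, 0x1234,
                         flags_frag, 128, proto, 0,
                         bytes([10, 0, 2, 10]), bytes([10, 0, 1, 25]))
    return header + bytes(data_len)

# Constructed samples, not captured traffic.
SAMPLES = {
    "default ping":          build_ipv4(1, 40),
    "2 KB echo, one packet": build_ipv4(1, 2056),
    "2 KB echo, 2nd frag":   build_ipv4(1, 576, offset_units=185),
    "overflowing fragment":  build_ipv4(1, 100, offset_units=8189),
    "tcp segment":           build_ipv4(6, 40),
}

def run_samples() -> dict:
    return {name: classify_icmp(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:24} {verdict}")
```

Running the same check over a capture taken at the firewall shows whether the alerts are the overflow case or only large, legal ICMP.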