Solved

ping of death msg from fire wall Clean domain controler origin

Posted on 2004-03-24
8
258 Views
Last Modified: 2013-12-19
I am trying to figure out why our firewall is detecting ICMP (ping of death) coming from one of our remote DC's Going to machines on the main network.  (different subnet).

What is the DC trying to get from these machines and how do you stop it.

Going crazy with all the auto alerts from the firewall it is polluting my e-mail

Thanks
0
Comment
Question by:WinkDB
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10668237
Has it always been like this? If not, has anything changed recently? Any replication going on with this remote DC?
0
 

Author Comment

by:WinkDB
ID: 10668340
it is a one way replication from the main dc on the main subnet.  Sorry I do not know that much in terms of details.  

Thanks
0
 
LVL 32

Expert Comment

by:LucF
ID: 10668367
An ICMP is just a "hello, are you there" package.
How do you know it's meant as a ping of death?

I suggest you to just change the mailing rules so it doesn't report these.

Greetings,

LucF
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 
LVL 2

Expert Comment

by:ministry92
ID: 10668756
LucF is right, what problems is this causing?  I'm assuming you have AV running on the remote DC?  If so, just write it off to a bad trip and adjust your notification metrics.
0
 

Author Comment

by:WinkDB
ID: 10669752
I knew that much I guess.  I wanted to be more specific and figure out the on off for the ICMP in regards to the remote dc communcating to the main subnet.  Why does it only ask are you there to just a few machines for example three out of twenty or so machines running.

The firewall just sees the packet size and generaicaly alerts us to  a ping of death.  I am realy just trying learn what is going on.  I will get there  just turning off the alert from the firewall is too simple.  I guess it is not a crisis so do not worry about to much unless there is something I can learn from this.

Thanks
0
 
LVL 32

Expert Comment

by:LucF
ID: 10669803
>>The firewall just sees the packet size and generaicaly alerts us to  a ping of death.
Ok, now I understand.

Run a virusscan on the sending server: (even though you probably have allready one running on that server)

http://www3.ca.com/virusinfo/virusscan.aspx
http://housecall.trendmicro.com/ 

If you have no luck with it, use this tool and post the logfile (after edditing out your own domainname)
 http://209.133.47.200/~merijn/files/HijackThis.exe

LucF
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10670213
Your DC's will ping each other to verify connectivity.  
If there is truly a ping of death coming from that DC, then that is malware of some type.
It won't have any real effect on today's systems, but i can imagine it is a pain to see all the alerts.
You might look at the following to ensure you have all the appropriate ports open for a DC on a firewall

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q179/4/42.asp&NoWebContent=1
0
 
LVL 2

Accepted Solution

by:
mbwortham earned 500 total points
ID: 10692876
You may also try updating firmware / software for your firewall.  It is not uncommon to see firewalls incorrectly identifying certain legit traffic patterns as an "attack".  The detection methods may be fixed in a newer revision.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
FTP output from Wireshak 6 103
forward schedule of change 1 75
domain controllers numbers 4 100
Application integration into Active Directory 3 39
Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question