Solved

Constant ICMP echo request

Posted on 2006-04-10
Last Modified: 2012-08-13
Hello,

A user who is running Linux had asked for email access to a 2000 Exchange server, so I showed her how to access it via OWA. Now my PIX is throwing warnings from the Linux box to the Exchange server, "IDS:2004 ICMP echo request on interface inside", about once every second.

Is there an explanation for this? What is the correct method of fixing this without asking the user to close the browser or setting up a rule in the PIX?
Question by:JCarson_
8 Comments
 

Author Comment

by:JCarson_
ID: 16419520
I should mention that the warnings are being recorded on a Kiwi Syslog server; the PIX is not affecting the Linux box or the Exchange server.
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16420254
Can't say I know much about Linux at all, but I have no similar traffic coming from my BSD Unix box to my OWA server. There is certainly no ICMP traffic from any other clients to my OWA.

If you block the ICMP requests from the Linux box, does her OWA stop functioning?
 
LVL 9

Expert Comment

by:jabiii
ID: 16421475
If they're using *NIX, you might want to check where it is pointing for DNS. I saw a similar problem today: a Solaris server wanting to send mail, but it couldn't get a good nslookup on the IP, so it was sending ICMP requests.

 
LVL 51

Accepted Solution

by:
ahoffmann earned 450 total points
ID: 16425615
Someone started a simple ping; your IDS should have recorded the IP. Go to that machine and stop the ping.
 

Author Comment

by:JCarson_
ID: 16425870
- Keith, I don't know how to block the ICMP requests. I tried putting in a command in the firewall, but I am still getting the warnings in the Kiwi syslog.

- jabiii, I will try your recommendation.

- ahoffmann, I don't have IDS (yet).
 
LVL 9

Assisted Solution

by:jabiii
jabiii earned 150 total points
ID: 16427130
Also, being Linux, I forget if you have tcpdump or snoop; I think it's tcpdump. You dump your interface for proto 1 or port 53. That will show you any ICMP and/or DNS requests on the Linux box.
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16428026
> I don't have IDS (yet)

And what does this mean then?

> "IDS:2004 ICMP echo request on interface inside"

OK, the device which reported these messages should also know from which IP they came; that's what I meant by "IDS".
 

Author Comment

by:JCarson_
ID: 16428283
I thought you were referring to an Intrusion Detection System. The line came from Kiwi Syslog with the IP addresses omitted. I know the source and the destination, but I didn't see a ping command running on the box. I will reboot it and see if that fixes it.
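
An added example, not part of the thread: one way to pull the source the thread is looking for out of a syslog export, grouping IDS signature hits per source/destination pair and checking whether they arrive at a steady interval, as an unattended process would. The log lines, timestamp prefix and addresses are constructed, and the `from <src> to <dst>` layout of the message is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample export. Timestamps and addresses are made up; the
# "from <src> to <dst>" message layout is an assumption about the full line.
SAMPLE = """\
2006-04-10 09:15:01 %PIX-4-400014: IDS:2004 ICMP echo request from 192.168.1.50 to 192.168.1.10 on interface inside
2006-04-10 09:15:02 %PIX-4-400014: IDS:2004 ICMP echo request from 192.168.1.50 to 192.168.1.10 on interface inside
2006-04-10 09:15:03 %PIX-4-400014: IDS:2004 ICMP echo request from 192.168.1.50 to 192.168.1.10 on interface inside
2006-04-10 09:15:04 %PIX-4-400014: IDS:2004 ICMP echo request from 192.168.1.50 to 192.168.1.10 on interface inside
2006-04-10 09:15:09 %PIX-4-400014: IDS:2004 ICMP echo request from 192.168.1.77 to 192.168.1.1 on interface inside
2006-04-10 09:15:10 unrelated line without an IDS signature
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?IDS:(?P<sig>\d+) .+? "
    r"from (?P<src>\S+) to (?P<dst>\S+) on interface (?P<ifc>\S+)"
)

def summarize(log_text, tolerance_s=0.5):
    """Group IDS hits by (signature, src, dst) and measure their spacing."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines without an IDS signature are skipped
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            hits[(m["sig"], m["src"], m["dst"])].append(ts)
    report = []
    for (sig, src, dst), stamps in hits.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        med = median(gaps) if gaps else None
        # "steady" = at least three gaps, all within tolerance of the median:
        # the pattern of a looping process rather than ad hoc pings.
        steady = len(gaps) >= 3 and all(abs(g - med) <= tolerance_s for g in gaps)
        report.append({"sig": sig, "src": src, "dst": dst,
                       "count": len(stamps), "median_gap_s": med, "steady": steady})
    return sorted(report, key=lambda r: -r["count"])

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

A pair flagged as steady at roughly one-second spacing is the one to follow up on the host itself, for example with the tcpdump capture suggested earlier in the thread.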
Question has a verified solution.
