Constant ICMP echo request

Hello,

A user who is running Linux had asked for email access to a 2000 Exchange server, so I showed her how to access it via OWA. Now my PIX is throwing warnings from the Linux box to the Exchange server "IDS:2004 ICMP echo request on interface inside" about once every second.

Is there an explanation for this? What is the correct method of fixing this without asking the user to close the browser or setting up a rule in the PIX?
JCarson_Asked:

JCarson_Author Commented:
I should mention that the warnings are being recorded on a Kiwi Syslog server; the PIX is not affecting the Linux box or the Exchange server.
0
Keith Alabaster (Enterprise Architect) Commented:
Can't say I know much about Linux at all, but I have no similar traffic coming from my BSD Unix box to my OWA server. There is certainly no ICMP traffic from any other clients to my OWA.

If you block the ICMP requests from the Linux box, does her OWA stop functioning?
0
jabiii Commented:
If they're using NIX, you might want to make sure where it is pointing for DNS. I saw a similar problem today: a Solaris server wanting to send mail, but it couldn't get a good nslookup on the IP, so it was sending ICMP requests.
0
ahoffmann Commented:
Someone started a simple ping. Your IDS should have recorded the IP; go to that machine and stop the ping.
0
JCarson_Author Commented:
- Keith, I don't know how to block the ICMP requests. I tried putting in a command in the firewall, but I am still getting the warnings in the Kiwi syslog.

- jabiii, I will try your recommendation

- ahoffmann, I don't have IDS (yet)
0
jabiii Commented:
Also, being Linux, I forget if you have tcpdump or snoop (I think it's tcpdump). You dump your interface for proto 1 or port 53; that will show you any ICMP and/or DNS requests on the Linux box.
0
ahoffmann Commented:
> I don't have IDS (yet)

And what does this mean then?

> "IDS:2004 ICMP echo request on interface inside"

OK, the device which reported these messages should also know from which IP it came; that's what I meant by "IDS".
0
JCarson_Author Commented:
I thought you were referring to an Intrusion Detection System. The line came from Kiwi Syslog with the IP addresses omitted. I know the source and the destination, but I didn't see a ping command running on the box. I will reboot it and see if that fixes it.
0
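
The thread turns on which host is behind the once-per-second "IDS:2004 ICMP echo request" warnings. The following is an added example, not part of the original thread: a Python parser that groups the PIX IDS syslog messages by source and destination and reports which pairs alert at a steady, ping-like cadence. It assumes the full `%PIX-4-4000nn` message with its `from <src> to <dst>` fields (the line quoted above had the addresses omitted) and an ISO timestamp at the start of each line; the sample lines, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Cisco documents PIX IDS messages as:
#   %PIX-4-4000nn: IDS:<sig> <text> from <src> to <dst> on interface <name>
# Assumption: each line starts with an ISO timestamp (adjust for your syslog server).
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s.*?%PIX-\d-4000\d\d: IDS:(?P<sig>\d+) .+? from (?P<src>"
    + IP + r") to (?P<dst>" + IP + r") on interface (?P<ifc>\S+)\s*$"
)
# Constructed sample log (RFC 5737 addresses), not taken from the thread.
ECHO = "%PIX-4-400014: IDS:2004 ICMP echo request from {} to 192.0.2.10 on interface inside"
SAMPLE_LOG = "\n".join(
    [f"2024-01-01T09:15:0{i} 192.0.2.1 " + ECHO.format("192.0.2.50") for i in range(6)]
    + ["2024-01-01T09:15:03 192.0.2.1 " + ECHO.format("192.0.2.77"),
       "2024-01-01T09:15:01 192.0.2.1 %PIX-4-400010: IDS:2000 ICMP echo reply "
       "from 192.0.2.10 to 192.0.2.50 on interface inside",
       "2024-01-01T09:15:04 192.0.2.1 %PIX-6-302013: constructed non-IDS line"]
)

def parse(log_text):
    """Return (timestamp, signature, src, dst, interface) for each IDS line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # anything that is not an IDS 4000nn message is skipped
            events.append((datetime.fromisoformat(m["ts"]), int(m["sig"]),
                           m["src"], m["dst"], m["ifc"]))
    return events

def summarize(events, sig=2004):
    """Per (src, dst) pair: alert count and mean seconds between alerts."""
    times = defaultdict(list)
    for ts, s, src, dst, _ in events:
        if s == sig:
            times[(src, dst)].append(ts)
    report = {}
    for pair, stamps in times.items():
        stamps.sort()
        span = (stamps[-1] - stamps[0]).total_seconds()
        mean = span / (len(stamps) - 1) if len(stamps) > 1 else None
        report[pair] = {"count": len(stamps), "mean_interval_s": mean}
    return report

def steady_talkers(report, max_interval_s=2.0, min_count=5):
    """Pairs alerting at a regular short interval (thresholds are assumptions)."""
    return sorted(p for p, r in report.items() if r["count"] >= min_count
                  and r["mean_interval_s"] is not None
                  and r["mean_interval_s"] <= max_interval_s)
```

A pair that shows up in `steady_talkers` is the host to inspect with the tcpdump capture for ICMP and DNS suggested earlier in the thread.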