Intrusion Prevention Alert ICMP
Posted on 2007-11-21
I have a few campuses logging the following alert on their SonicWall firewall:
11/19/2007 22:43:21.384 - Alert - Intrusion Prevention - IPS Detection Alert: ICMP Destination Unreachable (Port Unreachable), SID: 310, Priority: Low - 220.127.116.11, 53, WAN - 192.168.21.203, 1036, LAN, domaincontroller.ourdomain.com
I cannot find any information on this destination IP 18.104.22.168, except that it's owned by Level3?? No reverse pointer, A, MX, NS or other DNS entry??
Each campus logging this alert to this IP is having it originate from their DC (Server 2003). All just started since Monday this week. Anyone have some data on what this IP device is? Or why this is coming from our DCs? All our DCs are set up to forward DNS requests to our ISPs.