Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Firewall / Router ping Lan systems

Posted on 2009-05-17
10
Medium Priority
?
826 Views
Last Modified: 2013-11-16
Questions
If the Source is the router 192.168.10.1 and there is no connection to router uncounted for.  How is this possible? Is the router infected??
How can I track down the cause of this if its LAN based?  

See Attachment
Equipment-Safe-office--500W--ver.pdf
0
Comment
Question by:JSoup
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
10 Comments
 
LVL 5

Expert Comment

by:ksims1129
ID: 24406880
Are you trying to say the router is the only thing connected to the internet. or is there some other hosts connected to the router and they do not account for these IP addresses? this is to vague.
0
 
LVL 8

Author Comment

by:JSoup
ID: 24407818
Issue restated.
Thousands of Stateless ICMP are recorded in the logs for three week now.  The source of thousands of Stateless ICMP is the Checkpoint router @ 192.168.10.1..  They are sent to every system connected to the Checkpoint router @ 192.168.10.1. 100 of Hours of Scanning & Troubleshooting on each system including a Clean rebuild of 1 system to insure it was not from the a system has not changed the issue.  

Sofaware has stated its source is the LAN.  I am now looking at 3rd party answer and or suggestion to address this problem.  

If its a virus its New.  
Network-Configuration.pdf
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24417817
Are all of the devices directly connected to the Checkpoint Firewall?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 8

Author Comment

by:JSoup
ID: 24422129
See Attachment Network-Configuration.pdf in entry D:24407818Author:JSoupDate:05/17/09 05:27 PM
yes

any help please...  
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24449683
I would setup a packet capture and see if the firewall is actually originating the pings or if something else is issuing the pings and the firewall is doing a NAT and forwarding it.

Which checkpoint do you have?
0
 
LVL 8

Accepted Solution

by:
JSoup earned 0 total points
ID: 24452323
ISSUE:
Thousands of Stateless ICMP are occurring from the Checkpoint Safe@office 500 router @ 192.168.10.1 to All system on the LAN and are recorded in the Router security logs.

A thorough examination for Virus, Spyware, Hacks, Malware and etc was done on all Computers connected to the Router.   None was detected.  All inbound connection accounted for.  packet capture did not expose any other node sending these ICMP or (Fragment zero has the fragment offset equal zero.)
Can't find External Cause for the ICMP.

RCF 792 ICMP:
The ICMP messages typically report errors in the processing of
   datagram's.  To avoid the infinite regress of messages about messages  etc., no ICMP messages are sent about ICMP messages.  Also ICMP messages are only sent about errors in handling fragment zero of fragmented datagram's.  (Fragment zero has the fragment offset equal zero).  http://www.faqs.org/rfcs/rfc792.html

Cause WAS:
AV Bitdefender total security 2009.  Bitdefender Installed a driver in the network area. And can be disable in XP and Vista by selecting the Local area Connection Statue > Property and then in the window uncheck the Bitdefender firewall NDIS Filter driver. As proof as the Cause.    DO NOT LEAVE THIS UN-CHECK AS IT IS YOUR FIREWALL.   The error will cause large LANS Network Congestion.  

Bitdefender will be informed  
 
Security Treat Nill from this observation.   The product works well..



Question  Closed

0
 
LVL 8

Author Comment

by:JSoup
ID: 24484140
Bitdefender the support Area was informed about the bug.  These Guys Don't know if they should help me troubleshoot the problem or class it as user fixed problem.

Meaning, This problem won't get to development group as a bug.

 
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question