Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Firewall / Router ping Lan systems

Posted on 2009-05-17
10
Medium Priority
?
827 Views
Last Modified: 2013-11-16
Questions
If the Source is the router 192.168.10.1 and there is no connection to router uncounted for.  How is this possible? Is the router infected??
How can I track down the cause of this if its LAN based?  

See Attachment
Equipment-Safe-office--500W--ver.pdf
0
Comment
Question by:JSoup
  • 4
  • 2
10 Comments
 
LVL 5

Expert Comment

by:ksims1129
ID: 24406880
Are you trying to say the router is the only thing connected to the internet. or is there some other hosts connected to the router and they do not account for these IP addresses? this is to vague.
0
 
LVL 8

Author Comment

by:JSoup
ID: 24407818
Issue restated.
Thousands of Stateless ICMP are recorded in the logs for three week now.  The source of thousands of Stateless ICMP is the Checkpoint router @ 192.168.10.1..  They are sent to every system connected to the Checkpoint router @ 192.168.10.1. 100 of Hours of Scanning & Troubleshooting on each system including a Clean rebuild of 1 system to insure it was not from the a system has not changed the issue.  

Sofaware has stated its source is the LAN.  I am now looking at 3rd party answer and or suggestion to address this problem.  

If its a virus its New.  
Network-Configuration.pdf
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24417817
Are all of the devices directly connected to the Checkpoint Firewall?
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 8

Author Comment

by:JSoup
ID: 24422129
See Attachment Network-Configuration.pdf in entry D:24407818Author:JSoupDate:05/17/09 05:27 PM
yes

any help please...  
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24449683
I would setup a packet capture and see if the firewall is actually originating the pings or if something else is issuing the pings and the firewall is doing a NAT and forwarding it.

Which checkpoint do you have?
0
 
LVL 8

Accepted Solution

by:
JSoup earned 0 total points
ID: 24452323
ISSUE:
Thousands of Stateless ICMP are occurring from the Checkpoint Safe@office 500 router @ 192.168.10.1 to All system on the LAN and are recorded in the Router security logs.

A thorough examination for Virus, Spyware, Hacks, Malware and etc was done on all Computers connected to the Router.   None was detected.  All inbound connection accounted for.  packet capture did not expose any other node sending these ICMP or (Fragment zero has the fragment offset equal zero.)
Can't find External Cause for the ICMP.

RCF 792 ICMP:
The ICMP messages typically report errors in the processing of
   datagram's.  To avoid the infinite regress of messages about messages  etc., no ICMP messages are sent about ICMP messages.  Also ICMP messages are only sent about errors in handling fragment zero of fragmented datagram's.  (Fragment zero has the fragment offset equal zero).  http://www.faqs.org/rfcs/rfc792.html

Cause WAS:
AV Bitdefender total security 2009.  Bitdefender Installed a driver in the network area. And can be disable in XP and Vista by selecting the Local area Connection Statue > Property and then in the window uncheck the Bitdefender firewall NDIS Filter driver. As proof as the Cause.    DO NOT LEAVE THIS UN-CHECK AS IT IS YOUR FIREWALL.   The error will cause large LANS Network Congestion.  

Bitdefender will be informed  
 
Security Treat Nill from this observation.   The product works well..



Question  Closed

0
 
LVL 8

Author Comment

by:JSoup
ID: 24484140
Bitdefender the support Area was informed about the bug.  These Guys Don't know if they should help me troubleshoot the problem or class it as user fixed problem.

Meaning, This problem won't get to development group as a bug.

 
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question