Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 830
  • Last Modified:

Firewall / Router ping Lan systems

Questions
If the Source is the router 192.168.10.1 and there is no connection to router uncounted for.  How is this possible? Is the router infected??
How can I track down the cause of this if its LAN based?  

See Attachment
Equipment-Safe-office--500W--ver.pdf
0
JSoup
Asked:
JSoup
  • 4
  • 2
1 Solution
 
ksims1129Commented:
Are you trying to say the router is the only thing connected to the internet. or is there some other hosts connected to the router and they do not account for these IP addresses? this is to vague.
0
 
JSoupAuthor Commented:
Issue restated.
Thousands of Stateless ICMP are recorded in the logs for three week now.  The source of thousands of Stateless ICMP is the Checkpoint router @ 192.168.10.1..  They are sent to every system connected to the Checkpoint router @ 192.168.10.1. 100 of Hours of Scanning & Troubleshooting on each system including a Clean rebuild of 1 system to insure it was not from the a system has not changed the issue.  

Sofaware has stated its source is the LAN.  I am now looking at 3rd party answer and or suggestion to address this problem.  

If its a virus its New.  
Network-Configuration.pdf
0
 
giltjrCommented:
Are all of the devices directly connected to the Checkpoint Firewall?
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
JSoupAuthor Commented:
See Attachment Network-Configuration.pdf in entry D:24407818Author:JSoupDate:05/17/09 05:27 PM
yes

any help please...  
0
 
giltjrCommented:
I would setup a packet capture and see if the firewall is actually originating the pings or if something else is issuing the pings and the firewall is doing a NAT and forwarding it.

Which checkpoint do you have?
0
 
JSoupAuthor Commented:
ISSUE:
Thousands of Stateless ICMP are occurring from the Checkpoint Safe@office 500 router @ 192.168.10.1 to All system on the LAN and are recorded in the Router security logs.

A thorough examination for Virus, Spyware, Hacks, Malware and etc was done on all Computers connected to the Router.   None was detected.  All inbound connection accounted for.  packet capture did not expose any other node sending these ICMP or (Fragment zero has the fragment offset equal zero.)
Can't find External Cause for the ICMP.

RCF 792 ICMP:
The ICMP messages typically report errors in the processing of
   datagram's.  To avoid the infinite regress of messages about messages  etc., no ICMP messages are sent about ICMP messages.  Also ICMP messages are only sent about errors in handling fragment zero of fragmented datagram's.  (Fragment zero has the fragment offset equal zero).  http://www.faqs.org/rfcs/rfc792.html

Cause WAS:
AV Bitdefender total security 2009.  Bitdefender Installed a driver in the network area. And can be disable in XP and Vista by selecting the Local area Connection Statue > Property and then in the window uncheck the Bitdefender firewall NDIS Filter driver. As proof as the Cause.    DO NOT LEAVE THIS UN-CHECK AS IT IS YOUR FIREWALL.   The error will cause large LANS Network Congestion.  

Bitdefender will be informed  
 
Security Treat Nill from this observation.   The product works well..



Question  Closed

0
 
JSoupAuthor Commented:
Bitdefender the support Area was informed about the bug.  These Guys Don't know if they should help me troubleshoot the problem or class it as user fixed problem.

Meaning, This problem won't get to development group as a bug.

 
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now