Solved

Firewall / Router ping Lan systems

Posted on 2009-05-17
10
800 Views
Last Modified: 2013-11-16
Questions
If the Source is the router 192.168.10.1 and there is no connection to router uncounted for.  How is this possible? Is the router infected??
How can I track down the cause of this if its LAN based?  

See Attachment
Equipment-Safe-office--500W--ver.pdf
0
Comment
Question by:JSoup
  • 4
  • 2
10 Comments
 
LVL 5

Expert Comment

by:ksims1129
ID: 24406880
Are you trying to say the router is the only thing connected to the internet. or is there some other hosts connected to the router and they do not account for these IP addresses? this is to vague.
0
 
LVL 8

Author Comment

by:JSoup
ID: 24407818
Issue restated.
Thousands of Stateless ICMP are recorded in the logs for three week now.  The source of thousands of Stateless ICMP is the Checkpoint router @ 192.168.10.1..  They are sent to every system connected to the Checkpoint router @ 192.168.10.1. 100 of Hours of Scanning & Troubleshooting on each system including a Clean rebuild of 1 system to insure it was not from the a system has not changed the issue.  

Sofaware has stated its source is the LAN.  I am now looking at 3rd party answer and or suggestion to address this problem.  

If its a virus its New.  
Network-Configuration.pdf
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24417817
Are all of the devices directly connected to the Checkpoint Firewall?
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 8

Author Comment

by:JSoup
ID: 24422129
See Attachment Network-Configuration.pdf in entry D:24407818Author:JSoupDate:05/17/09 05:27 PM
yes

any help please...  
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24449683
I would setup a packet capture and see if the firewall is actually originating the pings or if something else is issuing the pings and the firewall is doing a NAT and forwarding it.

Which checkpoint do you have?
0
 
LVL 8

Accepted Solution

by:
JSoup earned 0 total points
ID: 24452323
ISSUE:
Thousands of Stateless ICMP are occurring from the Checkpoint Safe@office 500 router @ 192.168.10.1 to All system on the LAN and are recorded in the Router security logs.

A thorough examination for Virus, Spyware, Hacks, Malware and etc was done on all Computers connected to the Router.   None was detected.  All inbound connection accounted for.  packet capture did not expose any other node sending these ICMP or (Fragment zero has the fragment offset equal zero.)
Can't find External Cause for the ICMP.

RCF 792 ICMP:
The ICMP messages typically report errors in the processing of
   datagram's.  To avoid the infinite regress of messages about messages  etc., no ICMP messages are sent about ICMP messages.  Also ICMP messages are only sent about errors in handling fragment zero of fragmented datagram's.  (Fragment zero has the fragment offset equal zero).  http://www.faqs.org/rfcs/rfc792.html

Cause WAS:
AV Bitdefender total security 2009.  Bitdefender Installed a driver in the network area. And can be disable in XP and Vista by selecting the Local area Connection Statue > Property and then in the window uncheck the Bitdefender firewall NDIS Filter driver. As proof as the Cause.    DO NOT LEAVE THIS UN-CHECK AS IT IS YOUR FIREWALL.   The error will cause large LANS Network Congestion.  

Bitdefender will be informed  
 
Security Treat Nill from this observation.   The product works well..



Question  Closed

0
 
LVL 8

Author Comment

by:JSoup
ID: 24484140
Bitdefender the support Area was informed about the bug.  These Guys Don't know if they should help me troubleshoot the problem or class it as user fixed problem.

Meaning, This problem won't get to development group as a bug.

 
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now