Solved

Firewall / Router ping Lan systems

Posted on 2009-05-17
10
817 Views
Last Modified: 2013-11-16
Questions
If the Source is the router 192.168.10.1 and there is no connection to router uncounted for.  How is this possible? Is the router infected??
How can I track down the cause of this if its LAN based?  

See Attachment
Equipment-Safe-office--500W--ver.pdf
0
Comment
Question by:JSoup
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
10 Comments
 
LVL 5

Expert Comment

by:ksims1129
ID: 24406880
Are you trying to say the router is the only thing connected to the internet. or is there some other hosts connected to the router and they do not account for these IP addresses? this is to vague.
0
 
LVL 8

Author Comment

by:JSoup
ID: 24407818
Issue restated.
Thousands of Stateless ICMP are recorded in the logs for three week now.  The source of thousands of Stateless ICMP is the Checkpoint router @ 192.168.10.1..  They are sent to every system connected to the Checkpoint router @ 192.168.10.1. 100 of Hours of Scanning & Troubleshooting on each system including a Clean rebuild of 1 system to insure it was not from the a system has not changed the issue.  

Sofaware has stated its source is the LAN.  I am now looking at 3rd party answer and or suggestion to address this problem.  

If its a virus its New.  
Network-Configuration.pdf
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24417817
Are all of the devices directly connected to the Checkpoint Firewall?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 8

Author Comment

by:JSoup
ID: 24422129
See Attachment Network-Configuration.pdf in entry D:24407818Author:JSoupDate:05/17/09 05:27 PM
yes

any help please...  
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24449683
I would setup a packet capture and see if the firewall is actually originating the pings or if something else is issuing the pings and the firewall is doing a NAT and forwarding it.

Which checkpoint do you have?
0
 
LVL 8

Accepted Solution

by:
JSoup earned 0 total points
ID: 24452323
ISSUE:
Thousands of Stateless ICMP are occurring from the Checkpoint Safe@office 500 router @ 192.168.10.1 to All system on the LAN and are recorded in the Router security logs.

A thorough examination for Virus, Spyware, Hacks, Malware and etc was done on all Computers connected to the Router.   None was detected.  All inbound connection accounted for.  packet capture did not expose any other node sending these ICMP or (Fragment zero has the fragment offset equal zero.)
Can't find External Cause for the ICMP.

RCF 792 ICMP:
The ICMP messages typically report errors in the processing of
   datagram's.  To avoid the infinite regress of messages about messages  etc., no ICMP messages are sent about ICMP messages.  Also ICMP messages are only sent about errors in handling fragment zero of fragmented datagram's.  (Fragment zero has the fragment offset equal zero).  http://www.faqs.org/rfcs/rfc792.html

Cause WAS:
AV Bitdefender total security 2009.  Bitdefender Installed a driver in the network area. And can be disable in XP and Vista by selecting the Local area Connection Statue > Property and then in the window uncheck the Bitdefender firewall NDIS Filter driver. As proof as the Cause.    DO NOT LEAVE THIS UN-CHECK AS IT IS YOUR FIREWALL.   The error will cause large LANS Network Congestion.  

Bitdefender will be informed  
 
Security Treat Nill from this observation.   The product works well..



Question  Closed

0
 
LVL 8

Author Comment

by:JSoup
ID: 24484140
Bitdefender the support Area was informed about the bug.  These Guys Don't know if they should help me troubleshoot the problem or class it as user fixed problem.

Meaning, This problem won't get to development group as a bug.

 
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Globalscape EFT Notifications Help 2 34
Simple Router Management, Subnets and VLANs e.g. RV0xx 7 76
Layer 3 switch recommendation 15 60
Certification Follow-up 2 63
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question