We recently installed a new ASA 5505 into our environment as our primary firewall and I have turned on email logging (error level). Those email logs are sent to me via email in realtime. However, I am getting thousands of logs/emails every day (today 4,000 so far) with this message:
<163>%ASA-3-313001: Denied ICMP type=8, code=0 from 18.104.22.168 on interface outside
I have contacted the company who owns the IP and this is response I have received back from them:
From: World Wide Web Owner on behalf of Michael Mamaril via RT
Sent: Tue 6/30/2009 1:31 PM
To: Nick VanGilder
Subject: [cdnetworks.net #8942] ICMP Ping flood - issue to stop.
CDNetworks provides an enterprise content delivery network. We transmit
ICMP and UDP packets to various DNS resolvers around the Internet to
measure latencies with which to geographically-distribute end users to
the optimal CDNetworks location for content delivery. Our customers
offload content to us, and we distribute their content to their users
based on physical location. Incorrectly configured firewalls often
misinterpret this traffic as being malicious.
You are seeing requests like this when a user in your network is
accessing content served by CDNetworks on behalf of one of our
customers. Most of our customers are content sites (i.e., publishers).
You should feel free to drop our packets, however we must then transmit
more packets to determine latency to the router upstream from you. We
recommend you allow ICMP to your DNS resolver from CDNetworks's
netblocks (22.214.171.124/20 and 126.96.36.199/21) to lower spurious log
entries and speed web browsing for your users.
Please let us know if you have additional questions.
130 Rio Robles, San Jose, CA 95134
I guess my question is two part. Is that an appropriate response for them to give to us since we are a bank. And if not, how do I respond back to them?