Solved

Denied ICMP type=8, code=0

Posted on 2009-06-30
1
2,743 Views
Last Modified: 2013-11-29
We recently installed a new ASA 5505 into our environment as our primary firewall and I have turned on email logging (error level).  Those email logs are sent to me via email in realtime.  However, I am getting thousands of logs/emails every day (today 4,000 so far) with this message:

<163>%ASA-3-313001: Denied ICMP type=8, code=0 from 202.172.101.35 on interface outside

I have contacted the company who owns the IP and this is response I have received back from them:

From: World Wide Web Owner on behalf of Michael Mamaril via RT
Sent: Tue 6/30/2009 1:31 PM
To: Nick VanGilder
Subject: [cdnetworks.net #8942] ICMP Ping flood - issue to stop.


Dear Nick,

CDNetworks provides an enterprise content delivery network. We transmit
ICMP and UDP packets to various DNS resolvers around the Internet to
measure latencies with which to geographically-distribute end users to
the optimal CDNetworks location for content delivery. Our customers
offload content to us, and we distribute their content to their users
based on physical location. Incorrectly configured firewalls often
misinterpret this traffic as being malicious.

You are seeing requests like this when a user in your network is
accessing content served by CDNetworks on behalf of one of our
customers. Most of our customers are content sites (i.e., publishers).

You should feel free to drop our packets, however we must then transmit
more packets to determine latency to the router upstream from you. We
recommend you allow ICMP to your DNS resolver from CDNetworks's
netblocks (66.114.48.0/20 and 93.188.128.0/21) to lower spurious log
entries and speed web browsing for your users.

Please let us know if you have additional questions.

--
CDNetworks Inc.
130 Rio Robles, San Jose, CA 95134
support@cdnetworks.com


I guess my question is two part.  Is that an appropriate response for them to give to us since we are a bank. And if not, how do I respond back to them?
0
Comment
Question by:nickv1982
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 6

Accepted Solution

by:
danf0x earned 500 total points
ID: 24748956
Well internet law doesn't state that they can't request for you to accept their pings.  If it is a problem for you, you can always blackhole their subnet so you don't even see their requests coming in.
  I am not sure as to the response because there is no real law prohibiting him from pinging you as long as it doesn't interrupt your service.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
NTP port 123 UDP 5 91
Decrypting SSL traffic in wireshark 7 220
F5 SSL Sticky Load Balancing Question 3 78
Advertise subnet not directly attached 6 65
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

736 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question