?
Solved

sonicwall outlook.com ICMP destination unreachable

Posted on 2012-08-20
11
Medium Priority
?
1,812 Views
Last Modified: 2013-03-13
As Hotmail has migrated to Outlook.com I am seeing an increasing number of these messages in my Sonicwall logs:

2012/08/20 18:37:33.288 - Alert - Intrusion Prevention -       IPS Detection Alert: ICMP Destination Unreachable (Port Unreachable), SID: 310, Priority: Low -       65.55.88.34, 53, X1, 9eb94345d89ca54184a1800ddd2525.mail.outlook.com -       10.141.1.128, 62364, X0, servername  -       

This email was generated by: SonicOS Enhanced 5.8.1.5-46o (0017-C54D-E77C)
0
Comment
Question by:Carol Chisholm
  • 4
  • 4
9 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 38313089
If outlook.com is working for you, I would not worry about the message since it is low priority. You can turn off low priorty logging if you want the IPS settings.

I would guess the site is busy or suffering from growing pains in the move to the new url.
0
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 38316082
Dear,

i think in your IPS seetings you have enable to detect the LOW priority atatcks,,,,,, I suggest to turn off...
0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 38316160
Thanks. I still don't undertand why this is happening. I know I can ignore it but I prefer to try and understand why I am getting an alert before I decide to ignore it.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 20

Expert Comment

by:carlmd
ID: 38316416
Chances are they are probing you to see if your site is alive.
0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 38330468
It is a communication between my DNS server and 9eb94345d89ca54184a1800ddd2525.mail.outlook.com.

What I want to understand is WHY does Outlook.com generate all these alerts when Hotmail did not.

And where the long strings of random hex come from?

I don't want to ignore an alert even low priority before I understand it...
0
 
LVL 20

Expert Comment

by:carlmd
ID: 38330590
The hex number is basically a coding that tells dns to lookup adjacent addresses. In this way you only need a singe url for many ip address.

For example:

dilbert_# nslookup 9eb94345d89ca54184a1800ddd2525.mail.outlook.com.

Non-authoritative answer:
Name:    9eb94345d89ca54184a1800ddd2525.mail.outlook.com
Addresses:  65.55.88.31, 65.55.88.32, 65.55.88.33, 65.55.88.34
          65.55.88.35, 65.55.88.36, 65.55.88.37, 65.55.88.38, 65.55.88.39
          65.55.88.40, 65.55.88.41, 65.55.88.42, 65.55.88.43, 65.55.88.44
          65.55.88.45, 65.55.88.46, 65.55.88.22, 65.55.88.23, 65.55.88.24
          65.55.88.25, 65.55.88.26, 65.55.88.27, 65.55.88.28, 65.55.88.29
          65.55.88.30
0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 38330626
Many thank for that information.
Why is my Sonicwall filtering it?
0
 
LVL 20

Accepted Solution

by:
carlmd earned 2000 total points
ID: 38330642
It's not really filtering it. The IP service sees the probe and considers it a low priority event. Since you have the Sonicwall configured to detect and log this, that  is why you are seeing it.
0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 38330664
I will see if I can ignore them, but the random HEX make it difficult.. Vive IPv6?
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 trialware OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their Exchange server is no longer available or other critical issues with Exchange server or impo…
Take a look at these 6 Outlook Email management tools which can augment the working and performance of Microsoft Outlook to give you a more rewarding emailing experience.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month16 days, 22 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question