Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] ICMP Flood from Internal IP

To: "Fw-1-Mailinglist (E-mail)" <[email protected]>
Subject: [FW1] ICMP Flood from Internal IP
From: "Carrico, Emily" <[email protected]>
Date: Tue, 24 Apr 2001 13:55:08 -0400
Sender: [email protected]

We have FW1, v4.1 running on an NT4 machine.  Last week I installed BlackICE
Defender on my workstation which sits on our internal segment.  Over the
weekend BlackICE recorded an ICMP Flood attack coming from the internal
interface on the firewall with the following information detailed:  

IP: internal NIC ip
DNS: internal NIC ip dns name
NetBIOS:  OS administrator name
Node: name of machine
Group: WORKGROUP      
MAC: MAC address

Has any one seen this before?  Is this a false positive?  Is there anything
on the fw that could cause this type of traffic, besides the fw being
compromised?  And if it has been compromised, what should I be looking for
on the machine itself?

Thanks for your help,
^ Emily Carrico



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Managing a lot of firewalls
Next by Date: [FW1] VPN Accelerator and FWZ encryption
Previous by thread: RE: [FW1] question
Next by thread: [FW1] VPN Accelerator and FWZ encryption
Index(es):
- Date
- Thread