192.168.2.7 is my box. 210.110.79.1 is not one of my IP addresses and therefore is out on the internet. Yes every 8th packet goes out to 212.110.79.74 ( a different host ). This is a remote machine and I am not easily able to shutdown a service at a time (at least not all of them)
Since this is coming from my box I would think that something would be able to detect it. Netstat does not even when using 'netstat -ac' Tony > -----Original Message----- > From: Douglas Allan Tutty [mailto:[EMAIL PROTECTED] > Sent: Sunday, April 22, 2007 3:03 PM > To: [email protected] > Subject: Re: Large ICMP packets tracing/troubleshooting > > On Sun, Apr 22, 2007 at 09:45:12AM -0400, Tony Heal wrote: > > I keep getting these entries in my firewall log. I am getting this > > same entry every 10 seconds. I can not determine what is sending or > > why. > > > > [00001] 2007-04-22 08:06:24 [Root]system-critical-00436: Large ICMP > > packet! From 192.168.2.7 to 212.110.79.74, proto 1 (zone Trust, int > > trust). Occurred 1 times. > > > If your box is 192.168.2.7 and the internet is 212.110.79.74 then the > packet is coming from your box and is trying to get out to the net. > > > also after every 7th entry of the above I get this > > > > [00004] 2007-04-22 08:05:54 [Root]system-critical-00436: Large ICMP > > packet! From 192.168.2.7 to 210.163.43.1, proto 1 (zone Trust, int > > trust). Occurred 1 times. > > > Out to a different host. > > > I can not determine what is going on and it is driving me nuts. > > everything I google comes up with nothing, so I thought I would ask > > the list for any help in troubleshooting this that you can think of. > > If you're getting it every 10 seconds, at least it should be simple to > track down. Run through the shutdown scripts one at a time and see when > it stops (that is, run each script in rc6.d in order with the parameter > 'stop'). When the errors stop, you've found the culpret. > > Good luck. > > Doug. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
