On Thu, 12 Aug 1999, Bill Fox wrote:
:I'm having a problem where my inner-router continuously sources ICMP packets
:to the bastion host that are aimed at various IANA reserved IP's, such as
:"111.111.111.11". Since the bastion host rejects ICMP, all this activity
:does is further gorge already bloated logs. (I can shut off the logging, of
:course, but I'd rather correct the source of the ICMP). I've tried several
:things, such as setting the router's OSPF on the bastion host interface to
:passive, but the packets continue, and I'm head-scratching at the moment. I
:haven't clipped a sniffer into the subnet, yet, but that's next on the
:agenda. Any pointers greatly appreciated.
The M$ dhcp server could very well have been your problem, but
if the packets were coming off the Internet into your network
using Cisco's:
ip verify unicast reverse-path
should also have those packets dropped before they get into
your network and filling your logs.
That would be my immediate thought, but without knowing what ICMP
type or knowing if they are coming in from the net, more information
is required.
-j
--
batz
Chief Reverse Engineer
Superficial Intelligence Research Division
Defective Technologies
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
