We have FW1, v4.1 running on an NT4 machine. Last week I installed BlackICE
Defender on my workstation which sits on our internal segment. Over the
weekend BlackICE recorded an ICMP Flood attack coming from the internal
interface on the firewall with the following information detailed:
IP: internal NIC ip
DNS: internal NIC ip dns name
NetBIOS: OS administrator name
Node: name of machine
Group: WORKGROUP
MAC: MAC address
Has anyone seen this before? Is this a false positive? Is there anything
on the fw that could cause this type of traffic, besides the fw being
compromised? And if it has been compromised, what should I be looking for
on the machine itself?
Thanks for your help,
Emily Carrico