Hi
having installed snort/acid on my sme server im seeing thousands of ICMP requests being generated by my router. I have switched off ICMP from the netgear router so external sources do not get a reply, but internally its still going crazy, it cant be from outside the network, and im at a loss as to why this is happening!
192.168.0.1 : is my router
192.168.0.2: is my SME boxes external interface
I am using SME 6.0b3 with all the updates.
snort :
#0-(1-21090) [snort] ICMP Echo Reply (Undefined Code!) 2003-10-24 9:43:03 192.168.0.1 192.168.0.2 ICMP
tcpdump:
10:08:05.864905 192.168.0.2 > 192.168.0.1: icmp: echo request (DF)
0x0000 4500 0054 0000 4000 4001 b955 c0a8 0002 E..T..@.@..U....
0x0010 c0a8 0001 0800 9137 8f59 1400 05fa 983f .......7.Y.....?
0x0020 2d32 0d00 0809 0a0b 0c0d 0e0f 1011 1213 -2..............
0x0030 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"#
0x0040 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
0x0050 3435 45
10:08:05.865720 192.168.0.1 > 192.168.0.2: icmp: echo reply
0x0000 4500 0054 31c8 0000 fe01 098d c0a8 0001 E..T1...........
0x0010 c0a8 0002 0000 9937 8f59 1400 05fa 983f .......7.Y.....?
0x0020 2d32 0d00 0809 0a0b 0c0d 0e0f 1011 1213 -2..............
0x0030 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"#
0x0040 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
0x0050 3435 45
hope somone cqan point me in the right direction
regards
./S
2 Replies
696 Views