Am Montag, 18. Dezember 2006 12:14 schrieb bdmoraes@xxxxxxxxxx: > Dear All, > > I have one checkpoint NG3 in my company and verifying in Tracking i have > tousands of events with ICMP type 8 and type 17. > > The events has origin in my internal networks, with one problem .. the > Source IP is my PAT address for internal hosts to internet. > > Is there any bug of Checkpoint? Anyone already seen this event? > > I will go verify with sniffers and other tools, but this IP (Only for PAT) > is no routeable in my internal networks... > > Thanks for attention. > Poison hi, perhaps related to: http://www.incidents.org/diary.php?storyid=1949&isc=ae18b977be6828a8c9bf904d72cc5630 Sniffer: depends on what platform you use: - Solaris: snoop - everything else: tcpdump Reading out the MAC adresses of there packets should give a clue in the direction where to search further. -- Dr. Michael Schwartzkopff MultiNET Services GmbH Bretonischer Ring 7 85630 Grasbrunn Tel: (+49 89) 456 911 - 0 Fax: (+49 89) 456 911 - 21 mob: (+49 174) 343 28 75 PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42
Attachment:
pgpawc0DdjgW6.pgp
Description: PGP signature