<<< Date Index >>>     <<< Thread Index >>>

Re: Checkpoint NG3 ICMP Flood



On Mon, 18 Dec 2006, bdmoraes@xxxxxxxxxx wrote:

I have one checkpoint NG3 in my company and verifying in Tracking i have 
tousands of events with ICMP type 8 and type 17.

The events has origin in my internal networks, with one problem .. the Source 
IP is my PAT address for internal hosts to internet.

Is there any bug of Checkpoint? Anyone already seen this event?

I will go verify with sniffers and other tools, but this IP (Only for PAT) is 
no routeable in my internal networks...

I strongly doubt you found a bug in the software. Your report is missing crucial information.
 - Exact Check Point version (fw ver)?
        (Did you apply the minimal required HFA on NG FP3?)
 - How did you configure this PAT exactly?

At this point this report is in fact pointless and more of FUD message.

Hugo.

--
        hvdkooij@xxxxxxxxxxxxxxx        http://hvdkooij.xs4all.nl/
            This message is using 100% recycled electrons.