Ping attacks from the outside

Unanswered Question
Oct 25th, 2007

Good day

I'm not sure if this is true or not but on my monitoring messages for my firewall I notice a log of deny udp/icmp packets coming from the same 3-4 ip addresses. this has been going on for about an hour now what can I do to stop that? Is someone running a port scan trying to break into my firewall?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
srue Thu, 10/25/2007 - 11:51

ping/port scans are a dime a dozen on the Internet. That doesn't mean they should be taken lightly though, as they are usually the sign of some sort of reconnaissance attack. As long as your firewall is blocking them, that is fine. If you have something in front of your firewall that can block pings, you can block them before they even hit your firewall.

wgranada1 Thu, 10/25/2007 - 11:58

so is the ip addresses I'm seeing valid then or is it being masked? Is there somewhere I can report this or do anything besides be happy that my firewall is blocking the attempts?

JORGE RODRIGUEZ Thu, 10/25/2007 - 12:25

hi there , being happy the firewall is doing the job of blocking unsolicited host is just not enough as a network admin. Just think of a stranger nocking your home door for two hours three or four hours, you would definately seek to find out more and take some action. This is something you would record and log and not just let it go but watch your logs, one thing you could do is to take notes of that external host IP addres and find which ISP is providing the IP address, you could search "whois" database , that,will provide you with which ISP is the IP block under and report to abuse records on the ISP side.

wgranada1 Thu, 10/25/2007 - 12:30

Yeah I've already found out who, well at least which ISP it is coming from and reported it already. Just was wondering if there was anything else I can do besides that.

Thank you for the info though

JORGE RODRIGUEZ Thu, 10/25/2007 - 13:33

it is good practice to have anothe device in front of pix as srue indicated in post so that these attacks do not hit your outside interface firewall.

Actions

This Discussion