Ping attacks from the outside

Unanswered Question
Oct 25th, 2007
User Badges:

Good day

I'm not sure if this is true or not but on my monitoring messages for my firewall I notice a log of deny udp/icmp packets coming from the same 3-4 ip addresses. this has been going on for about an hour now what can I do to stop that? Is someone running a port scan trying to break into my firewall?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
srue Thu, 10/25/2007 - 11:51
User Badges:
  • Blue, 1500 points or more

ping/port scans are a dime a dozen on the Internet. That doesn't mean they should be taken lightly though, as they are usually the sign of some sort of reconnaissance attack. As long as your firewall is blocking them, that is fine. If you have something in front of your firewall that can block pings, you can block them before they even hit your firewall.

wgranada1 Thu, 10/25/2007 - 11:58
User Badges:

so is the ip addresses I'm seeing valid then or is it being masked? Is there somewhere I can report this or do anything besides be happy that my firewall is blocking the attempts?

JORGE RODRIGUEZ Thu, 10/25/2007 - 12:25
User Badges:
  • Green, 3000 points or more

hi there , being happy the firewall is doing the job of blocking unsolicited host is just not enough as a network admin. Just think of a stranger nocking your home door for two hours three or four hours, you would definately seek to find out more and take some action. This is something you would record and log and not just let it go but watch your logs, one thing you could do is to take notes of that external host IP addres and find which ISP is providing the IP address, you could search "whois" database , that,will provide you with which ISP is the IP block under and report to abuse records on the ISP side.

wgranada1 Thu, 10/25/2007 - 12:30
User Badges:

Yeah I've already found out who, well at least which ISP it is coming from and reported it already. Just was wondering if there was anything else I can do besides that.

Thank you for the info though

JORGE RODRIGUEZ Thu, 10/25/2007 - 13:33
User Badges:
  • Green, 3000 points or more

it is good practice to have anothe device in front of pix as srue indicated in post so that these attacks do not hit your outside interface firewall.


This Discussion