Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
429
Views
7
Helpful
5
Replies

Ping attacks from the outside

wgranada1
Level 1
Level 1

‎10-25-2007 11:41 AM - edited ‎03-11-2019 04:30 AM

Good day

I'm not sure if this is true or not but on my monitoring messages for my firewall I notice a log of deny udp/icmp packets coming from the same 3-4 ip addresses. this has been going on for about an hour now what can I do to stop that? Is someone running a port scan trying to break into my firewall?

Labels:
0 Helpful
5 Replies 5

srue
Level 7
Level 7

‎10-25-2007 11:51 AM

ping/port scans are a dime a dozen on the Internet. That doesn't mean they should be taken lightly though, as they are usually the sign of some sort of reconnaissance attack. As long as your firewall is blocking them, that is fine. If you have something in front of your firewall that can block pings, you can block them before they even hit your firewall.

wgranada1
Level 1
Level 1
In response to srue

‎10-25-2007 11:58 AM

so is the ip addresses I'm seeing valid then or is it being masked? Is there somewhere I can report this or do anything besides be happy that my firewall is blocking the attempts?

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to wgranada1

‎10-25-2007 12:25 PM

hi there , being happy the firewall is doing the job of blocking unsolicited host is just not enough as a network admin. Just think of a stranger nocking your home door for two hours three or four hours, you would definately seek to find out more and take some action. This is something you would record and log and not just let it go but watch your logs, one thing you could do is to take notes of that external host IP addres and find which ISP is providing the IP address, you could search "whois" database , that,will provide you with which ISP is the IP block under and report to abuse records on the ISP side.

Jorge Rodriguez

wgranada1
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎10-25-2007 12:30 PM

Yeah I've already found out who, well at least which ISP it is coming from and reported it already. Just was wondering if there was anything else I can do besides that.

Thank you for the info though

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to wgranada1

‎10-25-2007 01:33 PM

it is good practice to have anothe device in front of pix as srue indicated in post so that these attacks do not hit your outside interface firewall.

Jorge Rodriguez
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card