Hello, i noticed large amount of denyed icmp packets showin gin our syslog that is originated and destined for ip addresses not on our network.
"Deny icmp src <inside-vlan-interface>:172.24.3.30 dst <outside-interface>:172.24.3.17 (type 8, code 0) by access-group "inside_ACL_in" [0x0, 0x0].
We do have ip range of 172.16.x.x but it is for mpls traffic; all our internal ip addresses are on 192.x.x.x or 10.x.x.x
Do you guys have any ideas how to start troubleshooting this? Traceroute to either of these two ip addresses does not go any further than some of ISP's routers. Could you please provide info about any tool(s) tat you might be usefull trying to find the source of this traffic. Would Netflow help with this? thanks