Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Ping attacks from the outside

Good day

I'm not sure if this is true or not but on my monitoring messages for my firewall I notice a log of deny udp/icmp packets coming from the same 3-4 ip addresses. this has been going on for about an hour now what can I do to stop that? Is someone running a port scan trying to break into my firewall?

5 REPLIES
Gold

Re: Ping attacks from the outside

ping/port scans are a dime a dozen on the Internet. That doesn't mean they should be taken lightly though, as they are usually the sign of some sort of reconnaissance attack. As long as your firewall is blocking them, that is fine. If you have something in front of your firewall that can block pings, you can block them before they even hit your firewall.

New Member

Re: Ping attacks from the outside

so is the ip addresses I'm seeing valid then or is it being masked? Is there somewhere I can report this or do anything besides be happy that my firewall is blocking the attempts?

Re: Ping attacks from the outside

hi there , being happy the firewall is doing the job of blocking unsolicited host is just not enough as a network admin. Just think of a stranger nocking your home door for two hours three or four hours, you would definately seek to find out more and take some action. This is something you would record and log and not just let it go but watch your logs, one thing you could do is to take notes of that external host IP addres and find which ISP is providing the IP address, you could search "whois" database , that,will provide you with which ISP is the IP block under and report to abuse records on the ISP side.

New Member

Re: Ping attacks from the outside

Yeah I've already found out who, well at least which ISP it is coming from and reported it already. Just was wondering if there was anything else I can do besides that.

Thank you for the info though

Re: Ping attacks from the outside

it is good practice to have anothe device in front of pix as srue indicated in post so that these attacks do not hit your outside interface firewall.

198
Views
7
Helpful
5
Replies