Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Ping of death

Hi

AS discussed earlier ping to inside interface drops  after some intervals.

When checked logs in asa

built 10.1..x.x  123  65.55.21.22 123 build outbound udp connection 12345 for outside:65.55.21.22 to inside 10.1.x.x /123

for everyhour we are receving this error for diffrenet lan ip for same network range for destination

Please suggest

8 REPLIES
Purple

Ping of death

Hi,

this is a  public NTP server configured on the ASA  communicating with 10.1.x.x.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Ping of death

Hi

As checked on the firewall there is no port opened for NTP ie 123

From yesterday evening we are observing strange behaviour on the firewall inside interface.

we have configured prtg tool ie snmp traps for firewall.

For every 3 to 4 hours we receive  some alert from prtg tool during  that time ping to the inside interface drops

as observed the drop is for only for 70 to 80 sec and after that time ping is normal.

during that we have observed the logs which is defined above.

Purple

Ping of death

Hi,

there is a machine in inside subnet which is contacting a  public NTP server from Microsoft.

Which alerts are you receiving from PRTG ?

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Ping of death

Alert states as below.

  Apative security appliance state inetrface down

Purple

Ping of death

Hi,

so if your interface is going down only after a certain amount of time then you have a link flap but I doubt it has anything to do with any attack.

You should check  for L2 problems.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Ping of death

There is no link flap. This problem is occuring for every 3 to 4 hours.

Purple

Ping of death

Hi,

how can a clock synchronization be an attack?

and furthermore if there was an attack you would have a cpu or ram usage spike

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Ping of death

Cpu range is normal.

Might be broadcast from any internal server

671
Views
0
Helpful
8
Replies