Suddenly, the CPU utilization on my PIX 515E running PIX OS 7.0 has risen to 99%. After a lot of troubleshooting, I implemented an IDS policy on the inside interface and figured out that one of the internal machines is triggering signature ID 2001 (ICMP Unreachables) at a ridiculous rate (around 20,000 messages a second). I haven't seen such an IDS counter in my whole life ...
Anyway, my server guy is still looking at the machine, but does anyone have any idea what might cause a machine to send such messages at that rate ???
By the way, the destination of the messages is the IP address of the inside interface of the PIX.
ICMP Host Unreachable datagrams may be used to bypass packet-filter security policies, as they are rarely filtered in either incoming or outgoing traffic. They may also be used to perform denial-of-service attacks.
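An added example, not from this thread or from Cisco: a small Python script that reads IDS syslog lines from the PIX, counts signature 2001 hits per source/destination per second, and reports any internal host whose peak one-second rate exceeds a threshold, so the offending machine can be found without staring at the IDS counter. The message layout (syslog ID 400021 and the "IDS:2001 ... from A to B on interface inside" wording) is modelled on PIX/ASA IDS messages and is an assumption of this example; the log lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Assumed line shape (constructed, modelled on PIX/ASA IDS syslog messages):
# "<Mon DD HH:MM:SS> %PIX-4-4000NN: IDS:<sig> <name> from <src> to <dst> on interface <if>"
IDS_RE = re.compile(
    r"^(?P<ts>\S+ \d+ \d{2}:\d{2}:\d{2}) %PIX-\d-\d+: IDS:(?P<sig>\d+) (?P<name>.+?) "
    r"from (?P<src>[\d.]+) to (?P<dst>[\d.]+) on interface (?P<iface>\S+)$"
)

def parse_ids_events(lines):
    """Yield (second, signature, src, dst) for every line that matches; skip others."""
    for line in lines:
        m = IDS_RE.match(line.strip())
        if m:
            yield m.group("ts"), int(m.group("sig")), m.group("src"), m.group("dst")

def find_flooding_hosts(lines, sig_id=2001, per_second_threshold=1000):
    """Return {(src, dst): peak_per_second} for hosts whose peak one-second
    count of the given signature exceeds the threshold."""
    counts = defaultdict(int)          # (src, dst, second) -> hits in that second
    for ts, sig, src, dst in parse_ids_events(lines):
        if sig == sig_id:
            counts[(src, dst, ts)] += 1
    peak = defaultdict(int)            # (src, dst) -> busiest second
    for (src, dst, _ts), n in counts.items():
        peak[(src, dst)] = max(peak[(src, dst)], n)
    return {pair: n for pair, n in peak.items() if n > per_second_threshold}

def build_sample_log():
    """Constructed sample: one host hammering the PIX inside address with ICMP
    unreachables, one host sending a handful, plus an unrelated connection log."""
    fmt = ("Mar 14 10:15:{sec:02d} %PIX-4-400021: IDS:2001 ICMP unreachable "
           "from {src} to 192.0.2.1 on interface inside")
    lines = [fmt.format(sec=1, src="192.0.2.77") for _ in range(1500)]
    lines += [fmt.format(sec=s, src="192.0.2.10") for s in (1, 2, 3)]
    lines.append("Mar 14 10:15:02 %PIX-6-302013: Built outbound TCP connection 12 for inside:192.0.2.10/1025 (192.0.2.10/1025) to outside:198.51.100.5/80 (198.51.100.5/80)")
    return lines

if __name__ == "__main__":
    for (src, dst), rate in find_flooding_hosts(build_sample_log()).items():
        print(f"{src} -> {dst}: peak {rate} ICMP unreachables/s")
```

Point it at the real syslog export (`find_flooding_hosts(open("pix.log"))`) and lower the threshold if the PIX is rate-limiting what it logs.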