Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
218
Views
0
Helpful
1
Replies

20K Messages a Second ... Incredible

scheikhnajib
Level 1
Level 1

‎09-12-2005 02:15 AM - edited ‎03-09-2019 12:23 PM

Hi,

Suddenly, the CPU utilization on my PIX 515E running PIX OS 7.0 has risen to 99%. After alot of troubleshooting, I implemented an IDS policy on the inside interface and figured out that one of the internal machines is triggering signature ID 2001 (ICMP Unreachables) at a rediculous rate (around 20,000 messages a second). I havn't seen such a IDS counter in my whole life ...

Anyway, my server guy is still looking ath the machine, but does anyone has any idea what might cause a machine to send such messages at that rate ???

By the way, the destination of the messages is the IP address of the inside interface of the PIX.

Thanks.

Salem.

Labels:
0 Helpful
1 Reply 1

s-doyle
Level 3
Level 3

‎09-16-2005 06:06 AM

ICMP Host Unreachable datagrams may be used to bypass packet filter security policies as they are rarely filtered in either incoming or outgoing traffic. May be used to perform denial of service attacks.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents