Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ICMP (type 0 , code 0) in syslog

HI All,

I'm new to security and am finding several deined on inside interface access-list for ICMP (type 0 , code 0) from inside host > outside host. This is happening 24hr a day. The only thing I can see in log

is we are experencing ping sweeps from this IP block.

I have ran several trojan and virus scans from several different venders and return nothing on the inside host.

Is this a normal response from a inside host with a public interface on a single port? I do not allow icmp from internal host.

4 REPLIES
Gold

Re: ICMP (type 0 , code 0) in syslog

Mike,

If you have ACLs on the indside denying ICMP traffic from inside-to-outside then you'll see the syslog message you mentioned. Which PIX IOS are you running?

When you say you can see ping sweeps form this IP Block, is this a inside IP address?

Thanks - Jay.

Cisco Employee

Re: ICMP (type 0 , code 0) in syslog

Hi,

ICMP type 0 is ECHO-Reply. It seems like your inside hosts are sending lot of replies as a result of ECHO (Ping). We have seen this behavoiur as a result of the recent worms e.g. NACHI/BLASTER. If you are seeing this syslog message alot, you better need to apply access-list on the inside interface to block it, additionaly you need to inspect your hosts for the possibility of worms.

Thanks

Nadeem

New Member

Re: ICMP (type 0 , code 0) in syslog

Nadeem, Do you have any sample config ACL to block ICMP Echo reply and log them..

Thanks

Daya

New Member

Re: ICMP (type 0 , code 0) in syslog

Are you using any uptime and/or network monitoring software on the inside network?

2131
Views
0
Helpful
4
Replies