Hello,
I've received a report from one site that their firewall (FW-1) is
receiving an ICMP packet every minute from the same external address. The
packet is of type 11 code 0, which should correspond to:
type 11 = TIME EXCEEDED (0 : TTL=0 during transmit , 1 : TTL=0 during
reassembly)
Since it is directed to the firewall, his stealth rule is generating an
alarm every minute!
I'm not too keen on ICMP, but I think that there should be no problem with
packets of this type. Am I right? I would appreciate some other opinions.
Could it be some sort of probe or attack ?
Thanks for your help
Joseph
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
