A similar situation turned up here and turned out to be associated with
Windows98, dhcp and register coding that had the host looking for an
IANA reserved IP server. Get control of this and your logs should get
smaller.
John
-----Original Message-----
From: Bill Fox [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 13, 1999 1:42 AM
To: Firewalls mailing list
Cc: Fox, Bill (AIS)
Subject: ICMP to IANA Reserved IP's
Not sure if this is a 'bonafide' firewalls list type question, but the
only
place I'm seeing this type of activity is on my firewall system (which
includes inner & outer routers...). Hope I'm not out of context here
;).
I'm having a problem where my inner-router continuously sources ICMP
packets
to the bastion host that are aimed at various IANA reserved IP's, such
as
"111.111.111.11". Since the bastion host rejects ICMP, all this
activity
does is further gorge already bloated logs. (I can shut off the logging,
of
course, but I'd rather correct the source of the ICMP). I've tried
several
things, such as setting the router's OSPF on the bastion host interface
to
passive, but the packets continue, and I'm head-scratching at the
moment. I
haven't clipped a sniffer into the subnet, yet, but that's next on the
agenda. Any pointers greatly appreciated.
--Bill Fox
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
