Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1158
Views
0
Helpful
8
Replies

Ping of death

prashantrecon
Level 1
Level 1

‎11-29-2011 12:03 AM - edited ‎03-11-2019 02:56 PM

Hi

AS discussed earlier ping to inside interface drops  after some intervals.

When checked logs in asa

built 10.1..x.x  123  65.55.21.22 123 build outbound udp connection 12345 for outside:65.55.21.22 to inside 10.1.x.x /123

for everyhour we are receving this error for diffrenet lan ip for same network range for destination

Please suggest

Labels:
0 Helpful
8 Replies 8

cadet alain
VIP Alumni
VIP Alumni

‎11-29-2011 01:01 AM

Hi,

this is a  public NTP server configured on the ASA  communicating with 10.1.x.x.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

prashantrecon
Level 1
Level 1
In response to cadet alain

‎11-29-2011 02:25 AM

Hi

As checked on the firewall there is no port opened for NTP ie 123

From yesterday evening we are observing strange behaviour on the firewall inside interface.

we have configured prtg tool ie snmp traps for firewall.

For every 3 to 4 hours we receive  some alert from prtg tool during  that time ping to the inside interface drops

as observed the drop is for only for 70 to 80 sec and after that time ping is normal.

during that we have observed the logs which is defined above.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to prashantrecon

‎11-29-2011 02:54 AM

Hi,

there is a machine in inside subnet which is contacting a  public NTP server from Microsoft.

Which alerts are you receiving from PRTG ?

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

prashantrecon
Level 1
Level 1
In response to cadet alain

‎11-29-2011 02:59 AM

Alert states as below.

  Apative security appliance state inetrface down

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to prashantrecon

‎11-29-2011 04:52 AM

Hi,

so if your interface is going down only after a certain amount of time then you have a link flap but I doubt it has anything to do with any attack.

You should check  for L2 problems.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

prashantrecon
Level 1
Level 1
In response to cadet alain

‎11-29-2011 05:14 AM

There is no link flap. This problem is occuring for every 3 to 4 hours.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to prashantrecon

‎11-29-2011 05:30 AM

Hi,

how can a clock synchronization be an attack?

and furthermore if there was an attack you would have a cpu or ram usage spike

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

prashantrecon
Level 1
Level 1
In response to cadet alain

‎11-29-2011 06:19 AM

Cpu range is normal.

Might be broadcast from any internal server

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card