
suspect network under attack by icmp

samuel.lam
Level 1

All

I now suspect that the PIX is under a high volume of ping, as if I disable ping from the outside world on the WAN router, the performance of the network is improved.

Can the PIX apply some control so that, if it is under ICMP attack, it can temporarily limit or drop the packets from the inside and outside world,

so that the affected inside client and the attack from the outside world can be prevented?

Thanks all


Fernando_Meza
Level 7

Hi .. you could try enabling the IPS built-in signatures supported by the PIX. These are used to protect against common attacks.

" Cisco PIX Firewall includes an IP-only intrusion detection feature. It provides visibility at network perimeters or for locations where additional security between network segments is required.

The PIX IDS identifies more than 53 common attacks using signatures to detect patterns of misuse in network traffic. Traffic passing through the PIX Firewall can be identified to be audited, logged, and/or dropped.

After it is configured, the IDS feature watches packets and sessions as they flow through the firewall, scanning each for a match with any of the IDS signatures. When suspicious activity is detected, the PIX Firewall responds immediately and can be configured to do the following:

1. Send an alarm to a syslog server.

2. Drop the packet.

3. Reset the TCP connection. "

I suggest you check the command reference for the use of ip audit command !!!

I hope it helps .. please rate it if it does !!!
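
A configuration along the lines of the reply above, as an added example that is not part of the original thread. It assumes PIX OS 6.x `ip audit` syntax; the policy names, the interface name and the syslog host address are constructed placeholders.

```cisco
! Added example, not from the thread. Assumes PIX OS 6.x.
! attackpolicy, infopolicy and 192.0.2.10 are constructed placeholders.

! Action 1 from the quoted text: send IDS alarms to a syslog server.
! IDS signature messages are logged at severity 4 (warnings).
logging on
logging trap warnings
logging host inside 192.0.2.10

! Attack-class signatures: raise an alarm and drop the matching packet.
! "reset" is left out here because it only applies to TCP connections,
! and the traffic in question is ICMP.
ip audit name attackpolicy attack action alarm drop

! Informational-class signatures: alarm only.
! Ordinary ICMP echo request/reply is classed as informational, so adding
! "drop" to this policy would block all ping through the interface rather
! than only the abusive traffic.
ip audit name infopolicy info action alarm

! Bind both policies to the interface facing the WAN router.
ip audit interface outside attackpolicy
ip audit interface outside infopolicy

! A signature that proves too noisy can be switched off by number.
! The number is a placeholder; take it from the command reference.
! ip audit signature <signature_number> disable
```

Signature matching is per packet and is not a rate limit, so reviewing the alarms on the syslog server is how the source and volume of the ICMP traffic are confirmed before any drop action is tightened.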
