
Why is my router generating ICMP traffic to an unknown host on the Internet?

jthombs1016
Level 1

Hello all

 

Our Security partner is picking up ICMP traffic from a router at one of our branch offices. I can't see anything in the configuration to suggest that it's compromised. What else can I look for? I have denied the host on our firewall but it's strange.

 

Oct 30 20:22:45X>X>X>X : %ASA-4-106023: Deny icmp src FW_Internet_Inside:10.132.246.66(TUNNEL INTERFACE) dst FW_Internet_Outside:122.228.10.51 (type 3, code 13) by access-group "FW_Internet_Inside-in" [0x72c818cf, 0x518600b1]

1 Reply

balaji.bandi
Hall of Fame

Is this your internal IP, 10.132.246.66? If so, you need to find out what that device is that is trying to contact 122.228.10.51 (this IP is as per APNIC records as below):

inetnum:        122.228.10.32 - 122.228.10.63
netname:        JI-LIN-GAO-SHENG-KE-JI-CORP
country:        CN
descr:          JI LIN GAO SHENG KE JI CORP
descr:
admin-c:        WY1879-AP
tech-c:         CW27-AP
mnt-irt:        IRT-CHINANET-ZJ
status:         ASSIGNED NON-PORTABLE
mnt-by:         MAINT-CN-CHINANET-ZJ-WZ
last-modified:  2015-03-23T19:52:03Z
source:         APNIC

 

So the suggestion is to investigate locally anything running inside the device.

 

BB

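Added example (not part of the thread and not Cisco code): a small parser for the %ASA-4-106023 line quoted in the question that decodes the ICMP type and code. Type 3, code 13 is "destination unreachable / communication administratively prohibited", an ICMP error message that is only sent in reply to another packet. The function name `decode_106023` and the name tables are assumptions made for this sketch.

```python
import re

# Log line as quoted in the question (timestamp prefix omitted; it is redacted there).
SAMPLE = ('%ASA-4-106023: Deny icmp src FW_Internet_Inside:10.132.246.66'
          '(TUNNEL INTERFACE) dst FW_Internet_Outside:122.228.10.51 '
          '(type 3, code 13) by access-group "FW_Internet_Inside-in" '
          '[0x72c818cf, 0x518600b1]')

LINE_RE = re.compile(
    r'%ASA-4-106023: Deny icmp '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:\([^)]*\))?\s*'
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)\s*'
    r'\(type (?P<type>\d+), code (?P<code>\d+)\) '
    r'by access-group "(?P<acl>[^"]+)"')

# Subset of the IANA ICMP type and destination-unreachable code names.
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 5: "redirect",
              8: "echo request", 11: "time exceeded", 12: "parameter problem"}
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 3: "port unreachable", 4: "fragmentation needed and DF set",
                 9: "network administratively prohibited",
                 10: "host administratively prohibited",
                 13: "communication administratively prohibited"}
# RFC 1122 ICMP error messages: sent in reply to another packet, never unsolicited.
ERROR_TYPES = {3, 4, 5, 11, 12}


def decode_106023(line):
    """Return the fields of an ASA 106023 ICMP deny line, or None if no match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    t, c = int(m["type"]), int(m["code"])
    meaning = ICMP_TYPES.get(t, f"type {t}")
    if t == 3:
        meaning += " / " + UNREACH_CODES.get(c, f"code {c}")
    return {
        "src_ip": m["src_ip"], "dst_ip": m["dst_ip"], "acl": m["acl"],
        "icmp_type": t, "icmp_code": c, "meaning": meaning,
        # True: the source was answering a packet that carried dst_ip as its
        # source address, so the flow to look for in logs is dst_ip -> src_ip.
        "is_error": t in ERROR_TYPES,
    }


if __name__ == "__main__":
    print(decode_106023(SAMPLE))
```

When `is_error` is true, the useful next check is for traffic arriving at the source device with the logged destination as its source address, for example in ACL hit counters or NetFlow on that router.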