ICMP, normal traffic?

Hi, I had not replies to my earlier WAN Overload? email. Sadly our ISP has simply said that our hardware would not be adversly affected by broadcast traffic. Here is output from our firewall showing many ICMP logs, is it normal to receive so many all within a second? There may well be more, this

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number: 16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=1- icmp packet - Source:=217.204.49.146 - Destination:=85.234.133.24 - [ICMP Type: 8 Code: 0 Sequence number:

16516 received from WAN n/w]

MON OCT 02 11:04:05 2006 time="2006-10-02 11:04:05 Mon " proto=6- tcp packet - Source:=213.105.224.17 - Destination:=85.234.133.24 - [Connection unestablished, data arrives Src 36965 Dst 80 from WAN n/w]

... and so on

John

Reply to
johnnypoll
Loading thread data ...

No, it's not normal to receive that many echo-requests. It may be someone trying to DoS your uplink. The source IP looks like it's dynamically assigned to dialup-users or something. The owner of the netblock is Easynet [1], so you may want to contact them about this matter.

However, since you said in your previous post that not only your inbound but also your outbound traffic is unusually high, you may first want to find out what's going on on your own network. Try inspecting the traffic with a protocol analyzer (e.g. Wireshark [2]).

[1]
formatting link
formatting link
cu 59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.