CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Blocking too much ICMP echo-requests

  1. #1
    Blocking too much ICMP echo-requests

    Hello,

    The Exchange ActiveSync application uses ICMP for checking server availability. Once a month some of the user phones we deal with here get wild and start sending lots of these ICMP echo-request packets. Sometimes this generates huge amounts of logs on the Exchange server and it gets stuck.

    Can you think of a way to block these excessive ICMP packets without blocking every echo-request packet? I just need a quota for ICMP for a particular server inside my network. Is this doable?

    Cheers!

    Bojan

  2. #2
    Re: Blocking too much ICMP echo-requests

    Quote: Originally posted by shukalo83
    Hello,

    The Exchange ActiveSync application uses ICMP for checking server availability. Once a month some of the user phones we deal with here get wild and start sending lots of these ICMP echo-request packets. Sometimes this generates huge amounts of logs on the Exchange server and it gets stuck.

    Can you think of a way to block these excessive ICMP packets without blocking every echo-request packet? I just need a quota for ICMP for a particular server inside my network. Is this doable?

    Cheers!

    Bojan
    If you have SecureXL enabled, this is quite easy to set up with a negligible overall performance impact; check out the Rate-Limiting function implemented via the "fw samp" command. This is covered in my book, and the functionality is nicely summarized in my posting here:

    https://www.cpug.org/forums/showthre...6965#post86965
    --
    Third Edition of my "Max Power 2020" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com
