
Firewall reporting Portscan and ICMP Flood


sjalife


Hi Guys,

I have an Astaro Firewall and it is reporting 2 errors PERMANENTLY whenever I open uTorrent from any computer.

This is filling up my logs and creating mayhem on my firewall. These errors appear about 3 times / sec.

ICMP Flood Error Log Example:

2010:01:25-14:18:32 nsm ulogd[3499]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" seq="0" initf="eth0" outitf="unknown" dstmac="00:0c:29:58:d3:7a" srcmac="00:00:00:00:00:00" srcip="192.168.0.160" dstip="76.171.98.83" proto="1" length="150" tos="0x00" prec="0x00" ttl="127" type="3" code="3"

Portscan Error Log Example:

2010:01:25-14:12:03 nsm ulogd[3499]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" seq="0" initf="eth0" outitf="eth2" dstmac="00:0c:29:58:d3:7a" srcmac="00:0c:29:58:d3:8e" srcip="192.168.0.56" dstip="91.199.108.149" proto="6" length="48" tos="0x00" prec="0x00" ttl="62" srcport="59457" dstport="3310" tcpflags="SYN"

Does anyone have any idea what this could be?

Cheers


Thanx Firon,

the thing is that it's a corporate firewall, and even though I am the sysadmin, I cannot just turn off the portscan protection and the ICMP and ping attack protection, since the logs and stats show there have been legit attempts to do so before.

(You know that some people have nothing better to do)

What is causing this?

I understand that uTorrent must scan for open ports in order to create the multiple connections needed to get high download speeds, but why is it being detected as an attack?

BTW, we are running an Astaro Security Gateway V7

I really hope you can help.
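
Added example, not part of the original thread: a small Python parser for the key="value" ulogd lines quoted in the first post. It counts alerts per rule name and internal source host and decodes the protocol fields (IP protocol 1 with type 3, code 3 is ICMP destination unreachable / port unreachable; protocol 6 is TCP). The function names are illustrative assumptions; the sample input is the two log lines from the post.

```python
import re
from collections import Counter
from datetime import datetime

# The two log lines quoted in the first post, verbatim.
SAMPLE = [
    '2010:01:25-14:18:32 nsm ulogd[3499]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" seq="0" initf="eth0" outitf="unknown" dstmac="00:0c:29:58:d3:7a" srcmac="00:00:00:00:00:00" srcip="192.168.0.160" dstip="76.171.98.83" proto="1" length="150" tos="0x00" prec="0x00" ttl="127" type="3" code="3"',
    '2010:01:25-14:12:03 nsm ulogd[3499]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" seq="0" initf="eth0" outitf="eth2" dstmac="00:0c:29:58:d3:7a" srcmac="00:0c:29:58:d3:8e" srcip="192.168.0.56" dstip="91.199.108.149" proto="6" length="48" tos="0x00" prec="0x00" ttl="62" srcport="59457" dstport="3310" tcpflags="SYN"',
]

FIELD = re.compile(r'(\w+)="([^"]*)"')

# ICMP (type, code) pairs worth naming; extend as needed.
ICMP_NAMES = {("3", "3"): "destination unreachable / port unreachable"}


def parse(line):
    """Split one ulogd line into a dict of its key="value" fields plus a timestamp."""
    stamp = line.split(" ", 1)[0]
    rec = dict(FIELD.findall(line))
    rec["time"] = datetime.strptime(stamp, "%Y:%m:%d-%H:%M:%S")
    return rec


def describe(rec):
    """One-line reading of the packet that triggered the alert."""
    if rec["proto"] == "1":  # ICMP: the message kind is carried in type/code
        fallback = f'ICMP type {rec["type"]} code {rec["code"]}'
        kind = ICMP_NAMES.get((rec["type"], rec["code"]), fallback)
        return f'{rec["srcip"]} sent {kind} to {rec["dstip"]}'
    if rec["proto"] == "6":  # TCP: flags and destination port matter
        return f'{rec["srcip"]} sent TCP {rec["tcpflags"]} to {rec["dstip"]}:{rec["dstport"]}'
    return f'{rec["srcip"]} -> {rec["dstip"]} proto {rec["proto"]}'


def summarize(lines):
    """Count alerts per (rule name, source IP) to see which hosts trigger them."""
    return Counter((r["name"], r["srcip"]) for r in map(parse, lines))


if __name__ == "__main__":
    for line in SAMPLE:
        print(describe(parse(line)))
    for (name, src), n in summarize(SAMPLE).most_common():
        print(f"{n:5d}  {name:22s} {src}")
```

Run over the full IPS log, `summarize` shows whether the alerts come from a few internal hosts, and `describe` shows what kind of packet each rule is actually matching.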


Archived

This topic is now archived and is closed to further replies.
