Firewall receiving PINGS from a non-public IP address

155 pts.
Tags:
Firewalls
IP address
IP address conflicts
Network security
My firewall has been receiving and blocking PING's from the following IP address: 10.40.16.145. This address being a non-public IP address, I'm a bit confused. First, how does this data traverse the Internet when the originating IP address is not a standard public address? Is there any way to determine the true originating address? If I run a Trace Route on the address, it times out after 7 hops, referencing the following IP's: 70.86.70.33 70.87.254.1 70.85.127.5 These IP's belong to The Planet. Should I contact them? Can anyone shed some light on this? Many thanks.

Answer Wiki

Thanks. We'll let you know when a new response is added.

I assume you get those pings on the ISP-facing side of the firewall – right?

Private IPs are not routable, but any ISP has a LAN, where your external firewall interface is connected. Some hosts on this LAN could have private IPs, or have both private and public IPs raised on a single physical card, etc., etc.

I’ll not discuss the accordance of such practices to the standards, but this happens every now and then. So if these offending pings are blocked on the firewall and their quantity couldn’t be qualified as DoS attack I wouldn’t pay much attention to them

Discuss This Question: 6  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Labnuke99
    Which fw interface has been receiving these pings? IP addresses can be spoofed in packets. You need to look into the packets and see if any source MAC address information is shown or any other details can be determined from packet contents.
    32,960 pointsBadges:
    report
  • Guardian
    What firewall are you using. And which interface is receiving these pings? Has anything changed on your firewall settings?
    900 pointsBadges:
    report
  • Tswirka
    Everyone, Thank you for the responses. The firewall box is a WatchGuard X500 (an old one I know) The PINGS are coming in on the External (Internet facing) side. Nothing has changed in the configuration of the firewall since I installed it in 2006. I never considered that the source of these PINGS could be the ISP but that would be a good place to check. I will also see if there is a way to examine the packets to get more info on the source.
    155 pointsBadges:
    report
  • Tswirka
    [...] Firewall receiving PINGs from a non-public IP address [...]
    0 pointsBadges:
    report
  • Sixball
    Working for an ISP myself, I can say that this is not that uncommon. Some "ISP Routers" are really Multi-layer switches. If you have a direct link to the ISP, and internal pings are being flooded out the interface connected to your device, then it seems that 1) routing and switching on the ISP side is not configured properly and 2) contacting them would be the best place to start you traces rather confirm it, as you're going back into their equipment, which is then resolving it to their device's IP's...
    8,705 pointsBadges:
    report
  • Tswirka
    [...] Firewall receiving pings from a non-public IP address [...]
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following