We have some weird traffic that in Torch comes up as the ICMP protocol. I tried to drop all ICMP protocol on the in/out interfaces and it was still there showing traffic, and my interface traffic for my gateway had 800 rx packets but like 40 tx packets, which is really weird, and the fact I couldn't drop the ICMP protocol altogether makes it even weirder. Could this possibly be a bug in the MT 2.8.28? The traffic will be there, then a few seconds later, like 20 or 30, it goes away and everything is back to normal for about 5-10 seconds, then it comes right back again. It's causing a lot of packet loss because it's generating so much traffic and I can't get rid of it. If anyone can help me ASAP I would greatly appreciate it. This just recently started happening over the weekend and I am clueless as to what I should do to stop this. Maybe it's some weird P2P? Or maybe a worm/virus on a client, or a DDoS attack? I don't know. If anyone needs a screenshot or anything, I can do that. Let me know, thanks!
I take it no one can?
DDoS zombie(s), I'd say. Just a guess.
The packet sniffer receives packets before the firewall blocks them.
Try looking in the "wrong" direction to see if the filter is effective.
Blocking all ICMP is like harpooning your foot and then wondering why it later hurts.