So I've noticed a pretty much continual stream of ICMP messages in the network protection live log. The source IP is 10.0.0.10 which is my windows 7 workstation, but I think that is a red herring, since the source MAC is that of the WAN NIC (this is running virtualized under ESXi 5.0). The destination IP seems to be an assortment of IP addresses. I'm pretty sure the packets are NOT sourced by my workstation, since I shut it down and the messages continue unabated :) While the messages scroll by (not DoS, it's only a few every so many seconds), I've run tcpdump on LAN and WAN and never see any packets with 10.0.0.10 as the source. It's almost like these are some kind of packets that *were* sent by my workstation, and are being re-sent by the ASG or some such. They are flagged as "DEFAULT DROP" which is also odd, since I have an outbound "allow any" rule. Any ideas?
↧