0 Replies Latest reply on May 23, 2014 3:14 AM by new character

    Lots of ICMP connections at once in firewall logs

    new character

      Hi

       

      Looking through the logs for one of our firewalls we've noticed lots of ICMP requests throughout the day coming from our solarwinds server. It looks like it's scanning subnets to me, but we have subnet scanning set to every 4 hours and it's happening way more frequently.

       

      Is there another option somewhere?

       

      Here is just a random excerpt.. this happens many many times per day and every time it seems to step through an entire subnet.

       

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.24/0 laddr 10.10.10.24/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.4/0 laddr 10.10.10.4/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.5/0 laddr 10.10.10.5/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.25/0 laddr 10.10.10.25/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.6/0 laddr 10.10.10.6/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.27/0 laddr 10.10.10.27/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.8/0 laddr 10.10.10.8/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.28/0 laddr 10.10.10.28/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.9/0 laddr 10.10.10.9/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.30/0 laddr 10.10.10.30/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.11/0 laddr 10.10.10.11/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.1/0 laddr 10.10.10.1/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.12/0 laddr 10.10.10.12/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.33/0 laddr 10.10.10.33/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.14/0 laddr 10.10.10.14/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.34/0 laddr 10.10.10.34/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.15/0 laddr 10.10.10.15/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.17/0 laddr 10.10.10.17/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.18/0 laddr 10.10.10.18/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.36/0 laddr 10.10.10.36/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.19/0 laddr 10.10.10.19/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.38/0 laddr 10.10.10.38/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.13/0 laddr 10.10.10.13/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.16/0 laddr 10.10.10.16/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.22/0 laddr 10.10.10.22/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.20/0 laddr 10.10.10.20/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.2/0 laddr 10.10.10.2/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.4/0 laddr 10.10.10.4/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.24/0 laddr 10.10.10.24/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.5/0 laddr 10.10.10.5/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.25/0 laddr 10.10.10.25/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.27/0 laddr 10.10.10.27/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.8/0 laddr 10.10.10.8/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.28/0 laddr 10.10.10.28/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.9/0 laddr 10.10.10.9/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.30/0 laddr 10.10.10.30/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.11/0 laddr 10.10.10.11/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.12/0 laddr 10.10.10.12/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.33/0 laddr 10.10.10.33/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.14/0 laddr 10.10.10.14/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.34/0 laddr 10.10.10.34/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.17/0 laddr 10.10.10.17/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.36/0 laddr 10.10.10.36/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.18/0 laddr 10.10.10.18/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.19/0 laddr 10.10.10.19/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.38/0 laddr 10.10.10.38/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.21/0 laddr 10.10.10.21/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.39/0 laddr 10.10.10.39/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.40/0 laddr 10.10.10.40/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.23/0 laddr 10.10.10.23/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.42/0 laddr 10.10.10.42/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.44/0 laddr 10.10.10.44/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.26/0 laddr 10.10.10.26/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.45/0 laddr 10.10.10.45/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.46/0 laddr 10.10.10.46/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.29/0 laddr 10.10.10.29/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.31/0 laddr 10.10.10.31/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.32/0 laddr 10.10.10.32/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.50/0 laddr 10.10.10.50/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.51/0 laddr 10.10.10.51/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.35/0 laddr 10.10.10.35/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.37/0 laddr 10.10.10.37/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.41/0 laddr 10.10.10.41/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.43/0 laddr 10.10.10.43/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.47/0 laddr 10.10.10.47/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.48/0 laddr 10.10.10.48/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.49/0 laddr 10.10.10.49/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.21/0 laddr 10.10.10.21/0

      21-05-2014 00:05:13 Local4.Info 192.168.8.1 %ASA-6-302021: Teardown ICMP connection for faddr 10.0.2.54/72 gaddr 10.10.10.39/0 laddr 10.10.10.39/0