PfSense hacked? - ICMP Flooding



  • Hi,
    we installed a new pfSense 2.0 RC3, which should replace the "old" pfSense 1.2.3 (the hardware of both machines is identical).

    After the installation, we exported and imported the configuration and exchanged the two pfSense machines: so far so good.
    But after about 24h, we got a message from our ISP. They disabled the WAN port to the pfSense because of ICMP flooding.
    According to the logs of the ISP, the pfSense did an ICMP flood which completely filled up the 100Mbit internet connection.

    Has anyone ever heard such a thing?
    How can we debug this problem with the logs?

    At the moment, we have switched to the old 1.2.3 pfSense and powered off the new 2.0.



  • Is this your problem:

    http://forum.pfsense.org/index.php/topic,40480.0.html

    Edit - certainly not responsible for 'flooding', but maybe the ISP is confused.



  • @adrianhensler:

    Edit - certainly not responsible for 'flooding', but maybe the ISP is confused.

    That's my guess.



  • Thanks for this info.
    I'll test this option "Disable Gateway Monitoring" next week.



  • If this turns out to "solve" the problem, you probably want to fire your ISP.  There's no way apinger will saturate a 100mbit connection.

