We have a Juniper SRX acting as gateway/firewall for a guest network. Lately it was throwing 3k-5k syslog messages an hour all for screen alerts.
It keeps saying “large icmp packet received source: <guest device ip> dest: <our srx’s ip>
In our IAP portal I can see all the clients sending them are Android OS devices.
I pulled a pcap and it looks harmless at first glance. Just the phones sending icmp echo requests to their default gateway, packet size usually around 1026 bytes few around 1200-something bytes.
Not sure why they do this, but the SRX definitely feels it’s under “attack.”
I thought I’d be able Google this easily but I can’t really find we’ll documented evidence that Android phones natively do this.
Any advice? I mean I could turn that screen option off, but I’d kinda like to understand what’s actually going on a little more.
No comments:
Post a Comment