Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Huge ICMP Traffic from W2K server

Status
Not open for further replies.

Copierbw

Technical User
Sep 25, 2002
112
IE
I have realized that our server are sending out a huge amount of ICMP traffic onto the network.
Can anyone please tell me what might caused this ICMP traffic and how to stop it. I have run numerous Trojan detectors, virus etc and none come up with anything... Help appreciated..

You don't need eyes to see just the vision because there are always more ways and different answers to what we are used to...
 
I had same problem with DOS attacks. Someone was endlessly pinging ISPs router from my clients NIC.Enhanced ICMP traffic could also be 'caused by low-quality connection apropos large number of droped or faulty packets.
 
I dont know if you realise that was the main intent of the Msblaster worm.

Can you disble ICMP on your core switches and router?

Make sure the server is patched up real good with all the MS security updtes and running the latest DAT file for your AVSW.

Ö¿Ö
 
Try downloading a tool called fixwelch.exe from symantec.
It certainly sounds like the welchia virus, and yes it is a variant of the blaster.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top