Ping packets are common to everyone, being a large network or an individual user. They are sent by anyone, your ISP, or anyone wanting to know how long it takes for packets to be sent to you. There is no need to worry, as it is typical Internet activity.
--Sapient2003 - sapient@sapient2003.com
"The worst insecurity is believing you are too secure."
I suspect the increased traffic is down to the Nachi worm (or variants) - certainly we've seen a marked increase in ICMP traffic over the last month or so.
jassrs, we caught the nachi worm a few weeks ago on our network. DOS attack crashed our firewall and stoped network traffic.
As a quick-fix we blocked all outgoing TCP ports 666-765, which gave us access to the internet and killed the DOS attack.
Then we had to figure out which computers were infected and which weren't. Easiest way to pinpoint those was to monitor the network activity and see which computers would try to communicate with others on the domain the most. Since nachi sends itself out on TCP port 135 or 80 you can quickly find out which machine is infected and use symantec/mcafee hotfixes to repair it. Hope this helps
My pings are coming into port 8 from 12.xxx.xxx.xxx range (ICMP packets are being dropped). I dont think we have the nachi since we are still able to function. How can I get some of this activity slowed down or do I just ride it out?
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.