Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Increase ping activity

Status
Not open for further replies.
jassrs

jassrs

Technical User
Joined
Jul 10, 2003
Messages
56
Location
US
Has anyone noticed an increase of ping activity to their networks? And if so, where is it coming from?
 
Sort by date Sort by votes
Ping packets are common to everyone, being a large network or an individual user. They are sent by anyone, your ISP, or anyone wanting to know how long it takes for packets to be sent to you. There is no need to worry, as it is typical Internet activity.

--Sapient2003 - sapient@sapient2003.com
"The worst insecurity is believing you are too secure."
 
Upvote 0 Downvote
Nope, not mistaken. Why would anyone preform any DoS attack on randon hosts? Doesn't make sense doing it that way.

--Sapient2003 - sapient@sapient2003.com
"The worst insecurity is believing you are too secure."
 
Upvote 0 Downvote
I suspect the increased traffic is down to the Nachi worm (or variants) - certainly we've seen a marked increase in ICMP traffic over the last month or so.
 
Upvote 0 Downvote
Thanks mattray for the thread link....
My ICMP traffic is incredible borderline ridiculus.
 
Upvote 0 Downvote
jassrs, we caught the nachi worm a few weeks ago on our network. DOS attack crashed our firewall and stoped network traffic.

As a quick-fix we blocked all outgoing TCP ports 666-765, which gave us access to the internet and killed the DOS attack.

Then we had to figure out which computers were infected and which weren't. Easiest way to pinpoint those was to monitor the network activity and see which computers would try to communicate with others on the domain the most. Since nachi sends itself out on TCP port 135 or 80 you can quickly find out which machine is infected and use symantec/mcafee hotfixes to repair it. Hope this helps
 
Upvote 0 Downvote
My pings are coming into port 8 from 12.xxx.xxx.xxx range (ICMP packets are being dropped). I dont think we have the nachi since we are still able to function. How can I get some of this activity slowed down or do I just ride it out?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Garbear
  • Locked
  • Question Question
TZ190 VPN Connection works but can't ping some IP's on either side
Replies
0
Views
302
Garbear
Garbear
sabin808
  • Locked
  • Question Question
TZ205 | Unable to ping WAN IP from LOCAL ZONE
Replies
0
Views
243
sabin808
sabin808
Shad0wguy
  • Locked
  • Question Question
Unable to ping specific IP across interfaces, can ping on same interface
Replies
6
Views
679
Shad0wguy
Shad0wguy
quazimotto
  • Locked
  • Question Question
Ping thru PIX to subnet inside??!!
Replies
0
Views
245
quazimotto
quazimotto
Designware
  • Locked
  • Question Question
External IPs showing on email activity - Do I need to worry?
Replies
0
Views
180
Designware
Designware

Part and Inventory Search

Sponsor

Back
Top