September 15th, 2003, 03:42 PM
September 15th, 2003, 03:45 PM
Oh ICMP thats just somebody's PC pinging yours. Could be pinging looking for a response from a box to run its exploits on. I hope its droping fine and you've atleast patched up all that dcom bullcrap.
September 15th, 2003, 03:53 PM
ICMP is a protocol used to transfer information on network operation or problems. It can tell you if a host is up and other nifty info. A better explanation can be found here - http://www.cotse.com/CIE/Topics/81.htm
Echo requests are a simple ping request. People use them to see if a host is up or possibly in doing a ping sweep to see what machines in a specific range of ip's is alive and answering. Alot of people decide to block this at their firewall.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
September 15th, 2003, 04:18 PM
September 15th, 2003, 04:37 PM
To answer your second half of that question:
Yes the Nachi.a virus will cause the 'pings' that were mentioned.
2. what's the threat for ICMP echo request... (comming from the NACHI.A virus)?
The threat from ICMP echo is mainly a network traffic issue. If your on a large network with many PC's, if you had a few infected with Nachi.a causing massive 'pings' - it would noticably slow down your network or possibly even crash it.
Also, there is such a thing of ICMP flooding, which is a method of sending SO MANY pings SO quickly to a single PC/Router that the receiver of those pings can't process them all. This is a method i believe is commonly used mainly to bring down a server or router. (Although most modern systems have handling for it now, I believe - it can overwhelm a network)...
Others here can probably explain it better, if your truely interested, but thats the jist of it...
November 7th, 2003, 08:06 PM
It could be someone running nmap searching for a port opened by that virus/backdoor