Icmp?
Results 1 to 6 of 6

Thread: Icmp?

  1. #1
    Junior Member
    Join Date
    Aug 2003
    Posts
    10

    Exclamation Icmp?

    My friend asked me about a warning he got over the PC-Cillin firewall that said "ICMP echo requests".........and it pops up continuously to warn him... and he is asking me what it is......so.... i come to this home, and hope can get some answer out of it.....

    Question
    1. what is ICMP?
    2. what's the threat for ICMP echo request... (comming from the NACHI.A virus)?

    Thanx to the one who takes time to read my thread and response....
    Technology = Power

  2. #2
    Banned
    Join Date
    Jul 2002
    Posts
    877
    Oh ICMP thats just somebody's PC pinging yours. Could be pinging looking for a response from a box to run its exploits on. I hope its droping fine and you've atleast patched up all that dcom bullcrap.

    http://www.rav.ro/virus/showvirus.php?v=199

  3. #3
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    ICMP is a protocol used to transfer information on network operation or problems. It can tell you if a host is up and other nifty info. A better explanation can be found here - http://www.cotse.com/CIE/Topics/81.htm

    Echo requests are a simple ping request. People use them to see if a host is up or possibly in doing a ping sweep to see what machines in a specific range of ip's is alive and answering. Alot of people decide to block this at their firewall.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  4. #4
    Junior Member
    Join Date
    Aug 2003
    Posts
    10
    thanx
    Technology = Power

  5. #5
    Hello,

    To answer your second half of that question:
    2. what's the threat for ICMP echo request... (comming from the NACHI.A virus)?
    Yes the Nachi.a virus will cause the 'pings' that were mentioned.

    The threat from ICMP echo is mainly a network traffic issue. If your on a large network with many PC's, if you had a few infected with Nachi.a causing massive 'pings' - it would noticably slow down your network or possibly even crash it.

    Also, there is such a thing of ICMP flooding, which is a method of sending SO MANY pings SO quickly to a single PC/Router that the receiver of those pings can't process them all. This is a method i believe is commonly used mainly to bring down a server or router. (Although most modern systems have handling for it now, I believe - it can overwhelm a network)...

    Others here can probably explain it better, if your truely interested, but thats the jist of it...

    RRP

  6. #6
    Banned
    Join Date
    Nov 2003
    Posts
    15
    It could be someone running nmap searching for a port opened by that virus/backdoor

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •