-
September 15th, 2003, 03:42 PM
#1
Junior Member
-
September 15th, 2003, 03:45 PM
#2
Oh ICMP thats just somebody's PC pinging yours. Could be pinging looking for a response from a box to run its exploits on. I hope its droping fine and you've atleast patched up all that dcom bullcrap.
http://www.rav.ro/virus/showvirus.php?v=199
-
September 15th, 2003, 03:53 PM
#3
ICMP is a protocol used to transfer information on network operation or problems. It can tell you if a host is up and other nifty info. A better explanation can be found here - http://www.cotse.com/CIE/Topics/81.htm
Echo requests are a simple ping request. People use them to see if a host is up or possibly in doing a ping sweep to see what machines in a specific range of ip's is alive and answering. Alot of people decide to block this at their firewall.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
September 15th, 2003, 04:18 PM
#4
Junior Member
-
September 15th, 2003, 04:37 PM
#5
Member
Hello,
To answer your second half of that question:
2. what's the threat for ICMP echo request... (comming from the NACHI.A virus)?
Yes the Nachi.a virus will cause the 'pings' that were mentioned.
The threat from ICMP echo is mainly a network traffic issue. If your on a large network with many PC's, if you had a few infected with Nachi.a causing massive 'pings' - it would noticably slow down your network or possibly even crash it.
Also, there is such a thing of ICMP flooding, which is a method of sending SO MANY pings SO quickly to a single PC/Router that the receiver of those pings can't process them all. This is a method i believe is commonly used mainly to bring down a server or router. (Although most modern systems have handling for it now, I believe - it can overwhelm a network)...
Others here can probably explain it better, if your truely interested, but thats the jist of it...
RRP
-
November 7th, 2003, 09:06 PM
#6
It could be someone running nmap searching for a port opened by that virus/backdoor
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|