Has anyone been looking at their firewall logs lately, Im surprised by the amount of ICMP hits Ive been getting. Most of them are coming from IP address' in the 66.215.xxx.xxx block. Im gettting hundreds a day, but not much else. I tried to ping a few of them back, but time out on most. Course, that does not mean nobody is home.
Does any of the new trojans start pinging away like this?
I suppose I could set up a honey pot to see what happens, but that is a lot of work.
------- new text -------
I did a little research, found out the Welchia Worm sends out ICMP echo request. That is probably what I am seeing in my logs. The infected machines are looking for hosts to respond and test for vulnerability. It seems the Welchia worm ends up causing a DoS like effect on networks cause they are flooded with trafffic.
ZoneAlarm Logs
Moderator: Thanas
-
TrailerParkJawa
- Sith Acolyte
- Posts: 5850
- Joined: 2002-07-04 11:49pm
- Location: San Jose, California
ZoneAlarm Logs
MEMBER of the Anti-PETA Anti-Facist LEAGUE