All,

It might be this new worm, have a look at
http://vil.nai.com/vil/content/v_100559.htm

New RPC worm which will generate a lot of ICMP traffic.

Thanks,
Antony Abraham

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2003 6:56 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] [UPDATE] ping floods

All,

What we have here at the moment is the following:

1) IntraNet machines are pinging random IP addresses (both targeting our IntraNet and outside).

2) From time to time, when a particular machine is pinging from a subnet, it appears some new machines on that subnet are starting to ping too.

3) These pings, grouped together, create flooding (even if singly they seem to be pings with a 1/3s TTL delay), impacting the whole IntraNet.

4) Checking a machine that is part of this ping "flood", we found nothing suspicious (no unknown program, ...) but we don't master Windows technology. The box was antivirused with a well-known vendor solution, up-to-date in its virus definitions.

Our assumption is this might be a brand new worm, not yet known to antivirus companies (no news/alerts on their sites).

To solve this, we applied an access-list on our routers routing the ICMP requests to bar these requests. This globally solved the problem until we are able to solve each machine.

Thanks
Brgrds

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
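The symptoms in points 1) and 2) of the quoted message (hosts sending echo requests to many random addresses, with further hosts on the same subnet joining in over time) can be checked for in flow or capture records. The Python below is an added example, not part of the original messages; the record layout, addresses, window and threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

def _sweep(start, src, n):
    # Constructed data: n echo requests, one per second, each to a different address.
    return [(start + i, src, f"192.0.2.{i + 1}", 8) for i in range(n)]

# Constructed sample records (not from the thread):
# (seconds since capture start, source IP, destination IP, ICMP type); type 8 = echo request.
SAMPLE = (
    _sweep(1, "10.1.2.40", 6)                                       # first host sweeping
    + _sweep(30, "10.1.2.77", 6)                                    # same subnet, starts later
    + [(t, "10.1.2.15", "10.1.2.1", 8) for t in range(0, 60, 10)]   # repeated pings, one target
    + [(5, "10.1.3.9", "10.1.3.1", 8), (6, "10.1.3.9", "10.1.3.2", 8)]
    + [(2, "192.0.2.1", "10.1.2.40", 0)]                            # echo reply, ignored
)

def fanout_sources(records, window=10, min_targets=5):
    """Return {src: time at which it first reached min_targets distinct
    echo-request destinations inside a sliding window of `window` seconds}."""
    per_src = defaultdict(list)
    for ts, src, dst, icmp_type in sorted(records):
        if icmp_type == 8:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        lo = 0
        for hi, (ts, _) in enumerate(events):
            while events[lo][0] <= ts - window:   # drop events older than the window
                lo += 1
            if len({d for _, d in events[lo:hi + 1]}) >= min_targets:
                flagged[src] = ts
                break
    return flagged

def spread_by_subnet(flagged, prefix=24):
    """Group flagged hosts by subnet, ordered by the time each was flagged,
    so hosts on one subnet joining in one after another show up together."""
    subnets = defaultdict(list)
    for src, ts in sorted(flagged.items(), key=lambda kv: kv[1]):
        net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
        subnets[str(net)].append((ts, src))
    return dict(subnets)

if __name__ == "__main__":
    for net, hosts in spread_by_subnet(fanout_sources(SAMPLE)).items():
        print(net, hosts)
```

A host that pings one address repeatedly is not flagged; only the number of distinct destinations inside the window counts.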