Ian
Stole All the Forum Stars
Good things come to those who wait ...
Posts: 2913
|
 |
Finally, a reason for the ICMP flooding...
« on: Sep 5th, 2003, 10:40am » |
 Quote  Modify
|
It's down to a variant of the Nachi.A worm (which some have - bizarrely - attempted to describe as a 'cure' for Blaster).
I spotted this comment on Symantec's website the other day:-
Subsequent to Blaster, another worm - W32/Nachi-A (also known as W32/Nachi.worm, WORM_MSBLAST.D, Lovsan.D, W32.Welchia.Worm, Welchi) was discovered - this worm attempts to patch the operating system and remove the Blaster worm. It is, however, causing many problems of its own and Symantec is receiving reports of severe disruptions on the internal networks of large enterprises caused by ICMP flooding related to the propagation of the W32.Welchia.worm. In some cases, enterprise users have been unable to access critical network resources. [ICMP is a TCP/IP protocol used to send Internet messages.]
Seems to me that this would be the reason I'm seeing so many ICMP hits from my own ISP - obviously seen by the worm as a massive corporate network.
|
Mischel Internet Security Forum
Reply
Notify of replies
Send Topic
Print
Author
IP Logged
Search
Members
Login
Register