Suspicious ICMP Activity

  • Thread starter Leonard Leffand
  • Start date
L

Leonard Leffand

We have several Windows 2000 workstaitons across our
enterprise that are putting out heavy ICMP traffic. They
are all patched with SP4 and the latest hot fixes for
Blaster and for Nachi. McAfee reports no viruses on these
machines. Yet they are continuiously pinging a random
series of addresses.

Also when we turn off the DHCP Client Service on the
affected workstations, the problem goes away. Is this a
Windows bug? A new virus?

Any ideas?


Please reply directly to (e-mail address removed)

Thank You.

Lenny Leffand
 
M

matt

with newer versions of windows, when a computer doesn't
get a DHCP lease, it will set itself an ip of
169.254.x.x.. your computers might be pinging those ip's
in order to find computers that haven't gotten a lease
from the dhcp server.
 
S

Steven L Umbach

What you might want to do is to install a personal firewall on one of those
computers. Sygate would be a good choice because of its excellent logging even to the
packet level. Then the firewall will alert you as to what process/application on that
computer is causing that activity which may help you track the problem down. ---
Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Suspicious ICMP Traffic 1
icmp traffic between workstations and DNS server 5
HELP!!! SERVICES TERMINATING UNEXPECTEDLY 1
Services intermittantly stopping 5
Help with Fatal DNS errors 8
FWT Newsletter - Weekly - November 17, 2003 0

Top