General discussion

Locked

ICMP Flood Question???

By cbarone ·
Hello,

On my two servers with public Ips I seem to be receiving ICMP Floods all the time. I use BlackIce Defender for server on both of the Servers with the public IP's.

In net stat I see multiple IP address' with this type of heading:

TCP Server3:1083 63.143.16.41:http SYN_SENT

Can someone educate me on net stat? What is going on with these floods. Who is causing them? Is this an attack or just information being sent by other DNS servers?

Thanks for your help in advance.

Chris B
cbarone@slingshotsolutions.com

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

ICMP Flood Question???

by Some Guy in Seattle In reply to ICMP Flood Question???

This is not an ICMP flood. There is an HTTP request sent by this IP address to your machine. Most likely this machine has the Code Red worm on it and it is scanning for other machines to infect. You can't do a lot about it, unless your ISP is willing to block it upstream. If you don't have Microsoft IIS running on your box don't worry about it. If you do, patch it, and check symantec.com to find out how to disinfect yourself.

Hope that helps -

Back to Windows Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums