TechRepublic|Forums|Windows Forum

Windows Forum

General discussion

  • Creator
    Topic
  • September 10, 2003 at 1:37 am #2316275

    Strange behavior(internal comp. pinging)

    Locked

    by a.nader · about 20 years, 7 months ago

    We are using 512 kbps ADSL line to connect our department (about 50 computers) to the internet through a win2000 server supported with ISA server. The problem is that, sometimes, some internal computers (Win 2000 server or prof. and WinXP ) send large amounts of ICMP echo requests to IP addresses outside our subnet (130.10.0.0 , 255.255.0.0 ) causing the download rate to degrade to unacceptable levels (sometimes to 10 kbps) or even crashing the external network interface . For example, one computer may ping IP addresses from 130.7.0.1 to 130.20.255.254 successively without waiting for replies for the sent requests.

    Thanks for your help

    Topic is locked This conversation is currently closed to new comments.
  • Creator
    Topic

All Comments

  • Author
    Replies
    • September 10, 2003 at 6:26 am #3380420

      Reply To: Strange behavior(internal comp. pinging)

      by curacao_dejavu · about 20 years, 7 months ago

      In reply to Strange behavior(internal comp. pinging)

      I am not behind my ISA server right now, to tell in detail , but you should allow the clients only access to the protocols they need instead of every thing ( I believe it’s in policies or packet filters (they are not able to that on my network) ). Turn on the log options to see which computers are doing that and take actions, there might be a trojan horse or virus on those computers.
      If you have a spare computer, you can install netprobe 0.4, and plugg it in the same “hub” as where the iSA server is plugged into. You will get a graphical view of what traffic is going on your network (to where and from where).
      On the computers you can install active port to see what ports are being used, so you would be able to trck a possible trojan. both programs are free.

      Is the winproxy client installed on the computers ?

      Leopold

    • September 10, 2003 at 8:01 am #3380393

      Reply To: Strange behavior(internal comp. pinging)

      by mm212 · about 20 years, 7 months ago

      In reply to Strange behavior(internal comp. pinging)

      This sounds suspiciously like the MSBlast worm or (more likely) the Nachia worm. I would be sure the antivirus is installed and updated and do a full system scan. Symantec has removal tools for these worms. Once the worm is removed, be sure all workstations are patched through Windows Update so the rest don’t also get infected.

    • September 10, 2003 at 10:37 am #3380344

      Reply To: Strange behavior(internal comp. pinging)

      by sgt_shultz · about 20 years, 7 months ago

      In reply to Strange behavior(internal comp. pinging)

      sounds like Blaster to me. the fix is available at http://www.symantec.com for free even if you don’t have norton anti-virus. microsoft has extensive info on this worm and how to deal with it…i would begin by checking my router configuration and shutting down all the ports but 80 and whatever you need for mail, pcanywhere, streaming, icq etc

    • October 23, 2003 at 6:16 pm #2744774

      Reply To: Strange behavior(internal comp. pinging)

      by mistress1966 · about 20 years, 6 months ago

      In reply to Strange behavior(internal comp. pinging)

      sounds to me u have the w32.Welchia worm as i have had the same prob recently and done a virus scan and thats what it came up with all is working well now 🙂

  • Author
    Replies
Viewing 3 reply threads