Re: Tracking source of ICMP packet

From: Bill Verzal (BVerzal@KOMATSUNA.COM)
Date: Tue Sep 23 2003 - 15:55:42 EDT


If they are ICMP message "8" packets, you probably have the most recent
worm, Nachia, or the worm it was trying to clean.

BV
--------------------------------------------------------

Bill Verzal
AIX Administrator, Komatsu America
(847) 970-3726 - direct
(847) 970-4184 - fax

"Pugliese, Edward" <s11018@SLK.COM>
Sent by: IBM AIX Discussion List <aix-l@Princeton.EDU>
09/23/2003 02:15 PM
Please respond to IBM AIX Discussion List

To: aix-l@Princeton.EDU
cc:
Subject: Tracking source of ICMP packet

I have tracked down the source of some pesky ICMP packets to a certain
host. I have confirmed it is the specific host by running "iptrace" and
seeing the specific IP address for the source and destination that is in
question for the "ECHO REQUEST". What I can not figure out is how to
backtrack to the process that is generating the ICMP packets. Any
assistance in how I might do this would be appreciated.

Thanks,
Ed



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:14 EDT