Re: query about firewall log entries

Hi,
for more information read posts about "Continuous Ping Requests"
sent 22th of this month.

ICMP (type:8/subtype:0) is a "ping" request. It used used to know
if a host is alive.

Some new viruses like Welchia use this before trying to infect
other computers. The reason why you get more than usual
is because Welchia is kinda new, already infected alot of computer
by this time and still trying to spread around.

Ciao

---------------------------------------------------------------
Maxime Ducharme
Administrateur reseau, Programmeur


----- Original Message -----
From: "Mat" <>
Newsgroups: alt.computer.security,comp.security.firewalls
Sent: Monday, August 25, 2003 1:38 PM
Subject: query about firewall log entries


> Greetings
>
> For a few days now I've noticed a lot more activity in my ZoneAlarm
Firewall
> log. I wondered if anyone could shed some light on its relevance and/or
> whether I should be concerned.
>
> The 'hits' that it is registering are all listed in the Protocol section
of
> the log as:
>
> ICMP (type:8/subtype:0)
>
> and are mostly from IPs in the region
>
> 62.13x.xxx.xxx
>
> Is this unusual activity?
>
> Any information greatly appreciated.
>
>
>

Maxime Ducharme