CORPORATE PROFILES
I
I
I
I
I

  Router Solution
  ------------------------------------------
Overview
Pro Series Router
Industrial Series Router
Pro Series Network Card
Ind Series Network Card
   
  WAN Monitoring
  ------------------------------------------
WAN monitoring card
WAN monitoring tapper
   
  Technical Support
  ------------------------------------------
Manual Downloads
Technology
Case Study
Technical Notes
FAQ
   

 

 

 
ImageStream - Blocking Nachi Worm

Blocking Nachi/Welchia Worm ICMP Scans

The recent W32/Nachi and W32/Welchia worms perform ICMP scanning in an attempt to identify systems for exploitation. Depending the the number of host infected on the network the ICMP scanning can result in unwanted increase of traffic.

These scans could generate enough traffic to create delay on the upstream link(s) and disrupts users. Infected machines scanning your network(s) may increase the amount of ARP traffic generated on the local LAN.

More information about these worms and there effects can be fount at Cert's website.

Blocking the ICMP Scans

The ICMP scan is a 92 byte ICMP echo-request. It can be blocked using the following iptables firewall rule: