Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Logging ICMP Connections

I have a pix 520. I am loosing outbound internet access almost daily that requires me to do a clear xlate to reestablish a connection. Thursday's Worm Webinar touched on this same behavior as possibly being indicative of the Nachi Worm presence. Feedback in the webinar indicated that one could pinpoint machines infected with Nachi worm by logging ICMP connection attempts. How do I do this?

1 REPLY
Silver

Re: Logging ICMP Connections

You could edit your access-lists so that they include the log keyword.

That said, I don't think this will help you discover the nachi worm's presence - I think you will need to use something that can detect what is in the ICMP echo request payload to more accurately fingerprint Nachi pings versus pings from other programs

95
Views
0
Helpful
1
Replies
CreatePlease to create content