What is causing ping sweep?

Question

I am spotting ping sweeps on our firewall log originating from our Windows 2003 SP2 x64 server.

The traffic shows sequential pings sent to private ranges only. Eg: 192.168.1.1 192.168.1.2 192.168.1.3 ... 192.168.255.254

I have run a virus scan on the server and have used Network Monitor and Wireshark to inspect the outbound packets. I cannot find any process ID associated with the ICMP requests.

The only processes with icmp.dll loaded are winlogon.exe and spoolv.exe.

Can anyone offer any suggestions as to the cause of this traffic or how I might further investigate it?

Thanks in advance!

score 0 · Answer 1 · answered Jul 31 '12 at 02:09

0

Perhaps look at the Sysinternals TCPView Utility. May not work for your situation but the only thing I could think of for the moment.

answered Jul 31 '12 at 02:09

Jonathan Houston

1

Thanks for the reply but unfortunately I can't seem to identify any ICMP traffic in TCPView. – Ryan Armstrong Aug 16 '12 at 00:56

What is causing ping sweep?

1 Answers1