16 Jan
2004
16 Jan
'04
6:36 p.m.
On Jan 16, 2004, at 3:31 PM, jlewis@lewis.org wrote:
It's those dang Nachi-sized ICMP echo/echo-replies. We block those at all our transit points and dial-up ports. Nachi was killing our cisco access-servers until we did this to stop the spread.
FYI, Nachi is basically dead now from what I can tell. It was timed to expire in January of this year, and our flowscan graphs bear this out. Prior to it's self-destruction, Nachi traffic comprised about half of all our incoming flows. ICMP is back to pre-Nachi levels here now, and I have heard similiar reports elsewhere.