| Subject: Re: Calling networking specialists please... |
| From: dompqy@blueyonder.co.uk (Dom ) |
| Date: 31/08/2003, 06:59 |
Gary Heston wrote:
In article <birofc$nak$2@hercules.btinternet.com>,
Nick M V Salmon <spam_dump@btinternet.com> wrote:
"BW" <noone@nowhere.com> wrote
Don't know if this is it, but I have seen "Pings" at about a 2 / min rate
hitting my firewall in the same time frame. [ ... ]
Blaster worm, it figures, I'd thought it might be that because the problem
started at roughly the same time that was set loose 'into the wild'. :-/
It's not MS Blaster, it's the SOBIG.F email worm. MS Blaster and Welchia (the
anti-blaster disaster) target the RPC port instead of doing a ping.
The Welchia worm tries to use pings to locate other machines that
may be infected:
<http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html>
I have seen two cases of corporate networks infected with this one and
in both cases the networks were virtually unusable due to the number
of ICMP packets being sent.
I was lucky - I run W98 and Linux - neither of which can get infected
with these viruses. But it doesn't stop them from trying. Zone Alarm
is blocking 4-5 ICMP Type 8's a minute and the cable modem activity
light is on almost constantly.
See if you can turn off ICMP responses in your modem; if activity is
determined by outgoing traffic, that would solve your problem.
We did something similar at work - set all the routers to ignore ICMP
traffic. It screwed up a lot of the network monitoring gear, but at
least it let us use most of the network.
--
Dom
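
The thread describes Welchia sending pings to locate other machines, with ICMP volume making networks unusable. The sketch below is an added example, not code from any poster: it flags hosts that send ICMP Type 8 (echo request) to many distinct addresses in a short window, which separates a sweeping host from monitoring gear that pings one target repeatedly. The log format, addresses, window and threshold are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def find_sweepers(lines, window=timedelta(seconds=60), min_targets=20):
    """Return {src: peak distinct echo-request targets seen within `window`}.

    Expects time-ordered records "ISO-timestamp src dst icmp_type" (assumed format).
    """
    recent = defaultdict(deque)   # src -> (time, dst) pairs still inside the window
    peak = defaultdict(int)       # src -> largest distinct-target count observed
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or fields[3] != "8":   # keep only ICMP type 8
            continue
        ts, src, dst = datetime.fromisoformat(fields[0]), fields[1], fields[2]
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:               # drop entries older than the window
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {src: n for src, n in peak.items() if n >= min_targets}

def constructed_sample():
    """Constructed records: one sweeping host, one monitor, one slow prober."""
    t0 = datetime(2003, 8, 31, 6, 50, 0)
    rec = lambda t, s, d, typ: f"{t.isoformat()} {s} {d} {typ}"
    lines = []
    for i in range(40):   # 40 different targets in 40 seconds
        lines.append(rec(t0 + timedelta(seconds=i), "10.0.0.23", f"10.0.1.{i + 1}", 8))
    for i in range(5):    # monitoring gear: same gateway every 10 seconds
        lines.append(rec(t0 + timedelta(seconds=10 * i), "10.0.0.7", "10.0.0.1", 8))
    for i in range(25):   # many targets, but one every 5 minutes
        lines.append(rec(t0 + timedelta(minutes=5 * i), "10.0.0.50", f"10.0.2.{i + 1}", 8))
    lines.append(rec(t0, "10.0.1.1", "10.0.0.23", 0))   # echo reply, ignored
    return sorted(lines)  # ISO timestamps sort chronologically as strings

if __name__ == "__main__":
    for src, n in find_sweepers(constructed_sample()).items():
        print(f"{src}: {n} distinct echo-request targets within 60 s")
```

Counting distinct destinations rather than raw packets is what keeps the monitoring host out of the result.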