Questions for any network/security admins
silencio
October 17th, 2003, 09:57 PM
I log my PIX messages every day (have been for a long time now). Around the middle of August I started seeing about 10 MB log files (compared to a 2-4 MB average) of mostly ICMP traffic. Has anyone else noticed a change like this, or is someone just DDoSing me? I can't imagine that they are, since traffic flows fine, so that would make it a pretty lame DDoS attack. Also, if it were a DDoS attack, where would be the best place to start to remedy it? The FBI or the ISP first?
Thanks
TripleRLtd
October 17th, 2003, 10:35 PM
Go to www.GRC.com (http://www.GRC.com) and use the tools there.
In fact, read up on the whole site.
Lots of invaluable info.
silencio
October 17th, 2003, 10:43 PM
Thanks, but I've read that. Given the way the newest round of viruses and hacks work, I think a lot of the traffic is just coming from unpatched/unprotected machines, but I want to make sure.
The logs are from my PIX 515.
craigmodius
October 18th, 2003, 12:33 PM
I would bet on the viruses being the cause. When Blaster was making its rounds, port 135 was all I saw on our firewall.
Do you use a log analyser? Maybe it's time to get one. We use an older WebTrends version. Don't know if it supports the PIX 515, but here (http://www.surfstats.com/./sla_std.asp) is a log analyser that claims to support the PIX 515 log format (http://www.surfstats.com/logformats.asp).
And I have no experience with the PIX 515 or that log analyser, so take that advice for what it's worth :)
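As an added illustration of what a log analyser would do with the ICMP-heavy PIX logs discussed in this thread (this is not code from any poster or from the products linked above): a small Python script that parses PIX "Deny inbound icmp" lines, tallies denies per source address and flags sources that probe many distinct internal hosts, which is the sweep pattern a worm scanning for new victims produces. The sample log lines are constructed, modelled on the format of PIX syslog message 106014, and the sweep threshold is an assumed value.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of PIX message 106014
# ("Deny inbound icmp src ... dst ... (type N, code N)"); not real traffic.
SAMPLE_LOG = """\
Oct 17 2003 21:57:01: %PIX-3-106014: Deny inbound icmp src outside:192.0.2.10 dst inside:10.0.0.5 (type 8, code 0)
Oct 17 2003 21:57:01: %PIX-3-106014: Deny inbound icmp src outside:192.0.2.10 dst inside:10.0.0.6 (type 8, code 0)
Oct 17 2003 21:57:02: %PIX-3-106014: Deny inbound icmp src outside:192.0.2.10 dst inside:10.0.0.7 (type 8, code 0)
Oct 17 2003 21:57:02: %PIX-3-106014: Deny inbound icmp src outside:198.51.100.7 dst inside:10.0.0.5 (type 8, code 0)
Oct 17 2003 21:57:03: %PIX-6-106015: Deny TCP (no connection) from 203.0.113.9/1025 to 10.0.0.5/80 flags SYN on interface outside
"""

# Matches only the ICMP deny message; other PIX messages are ignored.
ICMP_DENY = re.compile(
    r"%PIX-\d-106014: Deny inbound icmp src (\w+):([\d.]+) dst (\w+):([\d.]+) "
    r"\(type (\d+), code (\d+)\)"
)

def parse_icmp_denies(text):
    """Yield (src_ip, dst_ip, icmp_type) for each 106014 line in the log."""
    for line in text.splitlines():
        m = ICMP_DENY.search(line)
        if m:
            yield m.group(2), m.group(4), int(m.group(5))

def summarize(text, sweep_threshold=3):
    """Count ICMP denies per source and flag sources that hit at least
    sweep_threshold distinct destinations (assumed threshold; tune to your
    network). Returns (Counter of denies per source, sorted list of sweepers)."""
    per_src = Counter()
    dsts_by_src = {}
    for src, dst, _icmp_type in parse_icmp_denies(text):
        per_src[src] += 1
        dsts_by_src.setdefault(src, set()).add(dst)
    sweeps = sorted(s for s, d in dsts_by_src.items() if len(d) >= sweep_threshold)
    return per_src, sweeps

if __name__ == "__main__":
    counts, sweeps = summarize(SAMPLE_LOG)
    for src, n in counts.most_common():
        print(f"{src:16} {n:5d} icmp denies")
    print("sweep-like sources:", sweeps)
```

Run it against a day's PIX syslog instead of SAMPLE_LOG and compare the per-source totals with a quiet day's output to see whether the extra volume comes from a handful of infected hosts or is spread thinly, which is the difference between worm scanning and a flood.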