Increased ICMP Traffic on Network
Good afternoon to all the network-gurus
Let me give a little background to set this up:
I work at a small private college in the IT department.
Our network is divided into three VLans-- Residence Halls, Administrative and Academic(Faculty, Labs)
We run everything through an HP 9304 Routing Switch, which is setup to deny almost all traffic coming from the residence halls to either the academic or admin networks. I view the log of this "denied traffic" daily.
My quandary is this:
Over the last couple of days, I have a seen a BIG jump in ICMP traffic between the Res VLAN and the Admin VLAN.
For example, there are ICMP connection attempts, from sequential IP's - 172.16.3.10, 172.16.3.11, 172.16.3.12, etc. to the exact same IP on the Admin network. This has been happening every few seconds for the past few days. It almost always goes sequentially from the sender's side, and it has targeted the same IP on the admin side(luckily just a workstation, not a mission critical Server, host, etc.)
Any ideas what may be casuing this? Is there a certain virus or other type trojann that might be causing this?