In the ICMP: Nachi Worm Host Sweep description it says that “This alert indicates detection of a large number of ICMP echo requests from a given source IP address. The number of requests exceeds the set threshold”.
Does anyone know what the threshold value is?
This is the reconnaissance attack that will trigger based on a number of occurrences of the ICMP: Nachi-like Ping component attack.
You can change the threshold in your reconnaissance policy.
The default is 5 events in 25 seconds.
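
The count-within-a-time-window correlation described in the answer above, sketched as an added example that is not part of the original thread and is not the product's own code. The event format, the function name and the rule that the alert fires on the event that reaches the threshold are assumptions; the sample events are constructed.

```python
from collections import defaultdict, deque

THRESHOLD = 5        # component events (default quoted in the answer above)
WINDOW_SECONDS = 25  # correlation window (default quoted in the answer above)


def detect_host_sweeps(events, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return [(src_ip, alert_time)] for sources that reach `threshold`
    component events within `window` seconds.

    `events` is an iterable of (timestamp_seconds, src_ip) tuples, one per
    component-attack event, sorted by timestamp.
    Assumptions: the alert fires on the event that brings the count up to
    the threshold, and the source's window is then cleared so that one
    burst produces one alert rather than one per extra packet.
    """
    recent = defaultdict(deque)  # src_ip -> timestamps still inside the window
    alerts = []
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        # Drop events that have aged out of the sliding window.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append((src, ts))
            q.clear()
    return alerts


# Constructed sample: 10.0.0.5 bursts, 10.0.0.9 sends the same number of
# events but spread out so that no 25-second window ever holds five.
SAMPLE_EVENTS = [
    (0, "10.0.0.5"), (2, "10.0.0.5"), (3, "10.0.0.9"), (4, "10.0.0.5"),
    (6, "10.0.0.5"), (8, "10.0.0.5"), (40, "10.0.0.9"), (70, "10.0.0.9"),
    (100, "10.0.0.9"), (130, "10.0.0.9"),
]

if __name__ == "__main__":
    for src, ts in detect_host_sweeps(SAMPLE_EVENTS):
        print(f"host sweep alert: src={src} at t={ts}s")
```

Lowering the threshold or widening the window in the policy makes slower sources alert as well, at the cost of more alerts from ordinary ping traffic.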