The 'ping.asp' CGI is installed. Some versions allows a cracker to launch a ping flood against your machine or another by entering '127.0.0.1 -l 65000 -t' in the Address field.

remove it. Reference : http://online.securityfocus.com/archive/82/275088