Security Basics mailing list archives
RE: IP flood?
From: "Wright, Jeremy" <wright () admworld com>
Date: Wed, 17 Sep 2003 16:23:44 -0500
Possibly there are other devices within the ISP's IP range that have Welchia... -----Original Message----- From: Eric Brown [mailto:ericbrow () ziplip com] Sent: Wednesday, September 17, 2003 11:01 AM To: security-basics () securityfocus com Subject: IP flood? Hello all, I've been watching the list for quite a while now, and I've run across a problem where I can't find a solution. My neighbor got cable internet a few months ago. He's got a Win98 machine that's running the latest version of Zone Alarm. Two weeks ago, he started getting pings that appeared to be from many different IP's, all within the cable ISP's IP range. He likes to see any kind of hits he gets, so he has Zone Alarm set to pop up a window each time. The pings are not steady. He might get one in a 10 second window, then a dozen in the next second. He call tech support, and they changed his dynamic IP to a different one, and this stopped the activity for about an hour. I uninstalled an older version of Zone Alarm, and installed the newest one, and the activity stopped for about 2 hours. His Norton's anti-virus is fully updated. I've run NMap and LANguard network scanner. With zone alarm on, he doesn't show up. Without zone alarm, no ports other than what you would expect on a Win98 machine (no 31337). I ran grc.com's Shields Up and got nothing. Can we stop the IP flood? Can or should the ISP? Or should he just shut off notification in Zone Alarm so he doesn't see the messages. Thanks, Eric Brown To do is to be. -Socrates To be is to do. -Satre Do be do be do. -Sinatra --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ---------------------------------------------------------------------------- CONFIDENTIALITY NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by email reply or by telephone and immediately delete this message and any attachments. In the U.S. call us toll free at (800) 637-5843. Spanish, French, Quebecois French, Portuguese, Polish, German, Dutch, Turkish, Russian, Japanese and Chinese: http://www.admworld.com/confidentiality.htm. --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- IP flood? Eric Brown (Sep 17)
- Re: IP flood? Brad Arlt (Sep 17)
- Re: IP flood? Pat Moffitt (Sep 17)
- <Possible follow-ups>
- RE: IP flood? Wright, Jeremy (Sep 17)
- RE: IP flood? Chris Merkel (Sep 17)