Security Basics mailing list archives
Re: ICMP question
From: Fernando Gont <fernando () gont com ar>
Date: Fri, 19 Mar 2004 22:59:22 -0300
At 11:46 19/03/2004 +0800, cc wrote:
My firewall has been receiving an inordinate amount of ICMP pings from external systems.
All systems from the same network, or what?
The strange thing about this is that the ICMP packets coming to my firewall are actually ICMP responses and not requests.
This is usual for smurf attacks.
I've looked at the logs (snort) and noticed that some of these pings originate from *.cirn.net. Has anyone heard of this network?
Have a look at http://www.dshield.org , may be they have.
And then, some of these pongs contains a payload which has the message "Please help me, matrix catch me". I've been googling and couldn't find anything. Does anyone have any idea what this ping response might be? A bot?
It depends on the amount of traffic, where all the packets come from, an any other pattern the packets may have.
-- Fernando Gont e-mail: fernando () gont com ar || fgont () acm org ---------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Current thread:
- ICMP question cc (Mar 19)
- Re: ICMP question Fernando Gont (Mar 22)