Re: ICMP question

[Fernando Gont <fernando () gont com ar>]

At 11:46 19/03/2004 +0800, cc wrote:

> My firewall has been receiving an inordinate amount of ICMP
> pings from external systems.

All systems from the same network, or what?


> The strange thing about this
> is that the ICMP packets coming to my firewall are actually
> ICMP responses and not requests.

This is usual for smurf attacks.


> I've looked at the logs (snort) and noticed that some
> of these pings originate from *.cirn.net.   Has anyone
> heard of this network?

Have a look at http://www.dshield.org , may be they have.


> And then, some of these pongs contains a payload
> which has the message "Please help me, matrix catch me".
> I've been googling and couldn't find anything.
> Does anyone have any idea what this ping response
> might be?  A bot?

It depends on the amount of traffic, where all the packets come from, an 
any other pattern the packets may have.


--
Fernando Gont
e-mail: fernando () gont com ar || fgont () acm org



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------