Security Incidents mailing list archives
Re: Weird Ping requests
From: ebrockway () EARTHLINK NET (Erick Brockway)
Date: Fri, 21 Apr 2000 23:15:54 -0700
Well, I do forward a lot of spam complaints, mostly the Whack-A-Mole dialups, but my IP is dynamic, so who would know where I'd be? Besides that, no. ----- Original Message ----- From: "Richard Bejtlich" <bejtlich () TEXAS NET> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Tuesday, April 18, 2000 12:36 PM Subject: Re: Weird Ping requests
Erick, This may be the result of someone trying a Smurf-type attack upon your machine. I resolved your IP and saw it was an Earthlink dial-up. Did you take any actions which might cause someone to Smurf you? Typically we see this with IRC warfare or against high profile web servers, etc. Richard ----- Looked at my AtGuard log last night, and something weird showed up there. Started with; 4/15/00 19:36:46.383 NDIS Filter Rule "Default Inbound ICMP" permitted (206.204.217.22,0). Details: Inbound ICMP request Local address is (209.178.128.182) Remote address is (206.204.217.22) Message type is "Echo Reply" Erick Brockway
Current thread:
- sadmind hack? Yip Chan Keong (Apr 12)
- Re: sadmind hack? Ex Machina (Apr 13)
- Re: sadmind hack? Robert Graham (Apr 13)
- Re: sadmind hack? Fyodor (Apr 16)
- Weird Ping requests Erick Brockway (Apr 16)
- Re: Weird Ping requests Richard Bejtlich (Apr 18)
- Re: Weird Ping requests Erick Brockway (Apr 21)
- Re: sadmind hack? Labu Labi (Apr 17)
- Re: sadmind hack? Prateek Jetly (Apr 18)
- Re: sadmind hack? Chad Roberts (Apr 14)
- Strange UDP traffic Ed Padin (Apr 14)
- Port 6502 Tony Lambiris (Apr 16)
- <Possible follow-ups>
- Re: sadmind hack? Oliver Friedrichs (Apr 13)
- Re: sadmind hack? Spoonm Spoonm (Apr 18)