Security Incidents mailing list archives

Re: Weird Ping requests

From: ebrockway () EARTHLINK NET (Erick Brockway)
Date: Fri, 21 Apr 2000 23:15:54 -0700


    Well, I do forward a lot of spam complaints, mostly the Whack-A-Mole
dialups, but my IP is dynamic, so who would know where I'd be? Besides that,
no.

----- Original Message -----
From: "Richard Bejtlich" <bejtlich () TEXAS NET>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Tuesday, April 18, 2000 12:36 PM
Subject: Re: Weird Ping requests

Erick,

This may be the result of someone trying a Smurf-type attack
upon your machine.  I resolved your IP and saw it was an
Earthlink dial-up.  Did you take any actions which might
cause someone to Smurf you?  Typically we see this with IRC
warfare or against high profile web servers, etc.

Richard

-----

    Looked at my AtGuard log last night, and something weird
showed up there.
    Started with;
 4/15/00 19:36:46.383 NDIS Filter Rule "Default Inbound
ICMP" permitted (206.204.217.22,0).  Details:
Inbound ICMP request
Local address is (209.178.128.182)
Remote address is (206.204.217.22)
Message type is "Echo Reply"

Erick Brockway

Current thread:

sadmind hack? Yip Chan Keong (Apr 12)
- Re: sadmind hack? Ex Machina (Apr 13)
- Re: sadmind hack? Robert Graham (Apr 13)
  - Re: sadmind hack? Fyodor (Apr 16)
  - Weird Ping requests Erick Brockway (Apr 16)
    - Re: Weird Ping requests Richard Bejtlich (Apr 18)
    - Re: Weird Ping requests Erick Brockway (Apr 21)
  - Re: sadmind hack? Labu Labi (Apr 17)
    - Re: sadmind hack? Prateek Jetly (Apr 18)
- Re: sadmind hack? Chad Roberts (Apr 14)
- Strange UDP traffic Ed Padin (Apr 14)
- Port 6502 Tony Lambiris (Apr 16)
- <Possible follow-ups>
- Re: sadmind hack? Oliver Friedrichs (Apr 13)
- Re: sadmind hack? Spoonm Spoonm (Apr 18)