Security Incidents mailing list archives

Can anyone identify this?

From: Brian Burns <bburns () MARKVII COM>
Date: Mon, 31 Jul 2000 13:25:11 -0500

I have just been forwarded this log from a friend's sonicwall..  It appears
that this traffic has been repeating itself (24x7) for over a week. I think
that this might be a coordinated scan, or maybe a DOS attack against a third
party? Is anyone aware of any trojans or probes that are affected on port 3?

Any help for this newbie is appreciated...

07/31/2000 11:36:45.784 -       ICMP packet dropped -   Source:x.x.x.85, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:36:47.304 -       ICMP packet dropped -   Source:x.x.x.81, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:36:48.864 -       ICMP packet dropped -   Source:x.x.x.69, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:36:50.384 -       ICMP packet dropped -   Source:x.x.x.85, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:36:59.576 -       ICMP packet dropped -   Source:x.x.x.81, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:37:05.688 -       ICMP packet dropped -   Source:x.x.x.85, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:37:07.288 -       ICMP packet dropped -   Source:x.x.x.81, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:37:08.768 -       ICMP packet dropped -   Source:x.x.x.85, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:37:10.288 -       ICMP packet dropped -   Source:x.x.x.81, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:37:11.864 -       ICMP packet dropped -   Source:x.x.x.69, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:37:14.864 -       ICMP packet dropped -   Source:x.x.x.81, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:37:16.480 -       ICMP packet dropped -   Source:x.x.x.85, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:37:19.496 -       ICMP packet dropped -   Source:x.x.x.69, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:37:22.576 -       ICMP packet dropped -   Source:x.x.x.81, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:37:24.096 -       ICMP packet dropped -   Source:x.x.x.69, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:37:25.656 -       ICMP packet dropped -   Source:x.x.x.81, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0
07/31/2000 11:37:27.192 -       ICMP packet dropped -   Source:x.x.x.85, 3,
WAN -   Destination:<my ip>, 3, LAN -   'Dest Unreachable' -    Rule 0

Current thread:

Can anyone identify this? Brian Burns (Aug 01)
- Re: Can anyone identify this? Jason Lewis (Aug 02)
- <Possible follow-ups>
- Re: Can anyone identify this? Brian Burns (Aug 02)
  - Re: Can anyone identify this? Jerome Tytgat (Aug 03)