Re: Port 8 and Ping

["Blake R. Swopes" <bhodi () BIGFOOT COM>]

ICMP type 8 is a ping. When ICMP traffic is logged, if you don't pay
attention to the protocol, it appears to be regular (i.e., udp/tcp) traffic
to port 8.

Did you notice any effects from this traffic? If not, the increased traffic
could have been caused by something like napster.

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On
Behalf Of Prashanth Ram
Sent: Wednesday, December 27, 2000 5:49 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Port 8 and Ping


Hi Folks..
        Okay, for approx. 8 hrs we've been scanned by 220 IP addresses. From
the frequency of the scans I am sure that it was a coordinated attack. It
also seems that all I get is 1 or 2 hits from an IP address. When I did a
lookup on these IP address most of them belonged to modems and DSL lines, so
I suppose I'm "screwed!"

This is what the log says:

Source                          Destination
204.xxx.xxx.xxx, 8, WAN         xxx.xxx.xxx.xxx 8, LAN
172.xxx.xxx.xxx, 8, WAN         xxx.xxx.xxx.xxx, 8, LAN
213.xxx.xxx.xxx, 8, WAN         xxx.xxx.xxx.xxx, 8, LAN
172.xxx.xxx.xxx, 8, WAN         xxx.xxx.xxx.xxx 8, LAN


Can someone please tell me what is on port 8 and why it's being scanned.
Also, can anyone tell me how to proceed. If it was a small number (<20) I
would not mind informing the admins of the IP addresses.. but 200 is kind of
alot of admins to contact!

Any suggestions would be great..
Thank you..
-Prashanth