Security Incidents mailing list archives
Re: Port 8 and Ping
From: "Blake R. Swopes" <bhodi () BIGFOOT COM>
Date: Wed, 27 Dec 2000 22:42:31 -0800
ICMP type 8 is a ping. When ICMP traffic is logged, if you don't pay attention to the protocol, it appears to be regular (i.e., udp/tcp) traffic to port 8. Did you notice any effects from this traffic? If not, the increased traffic could have been caused by something like napster. -----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of Prashanth Ram Sent: Wednesday, December 27, 2000 5:49 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Port 8 and Ping Hi Folks.. Okay, for approx. 8 hrs we've been scanned by 220 IP addresses. From the frequency of the scans I am sure that it was a coordinated attack. It also seems that all I get is 1 or 2 hits from an IP address. When I did a lookup on these IP address most of them belonged to modems and DSL lines, so I suppose I'm "screwed!" This is what the log says: Source Destination 204.xxx.xxx.xxx, 8, WAN xxx.xxx.xxx.xxx 8, LAN 172.xxx.xxx.xxx, 8, WAN xxx.xxx.xxx.xxx, 8, LAN 213.xxx.xxx.xxx, 8, WAN xxx.xxx.xxx.xxx, 8, LAN 172.xxx.xxx.xxx, 8, WAN xxx.xxx.xxx.xxx 8, LAN Can someone please tell me what is on port 8 and why it's being scanned. Also, can anyone tell me how to proceed. If it was a small number (<20) I would not mind informing the admins of the IP addresses.. but 200 is kind of alot of admins to contact! Any suggestions would be great.. Thank you.. -Prashanth
Current thread:
- Port 8 and Ping Prashanth Ram (Dec 27)
- Re: Port 8 and Ping Robert van der Meulen (Dec 27)
- Re: Port 8 and Ping Blake R. Swopes (Dec 28)