Security Incidents mailing list archives
Ping flood? Whats the point?
From: billp () ROCKETCASH COM (Bill Pennington)
Date: Tue, 1 Feb 2000 14:08:53 -0800
A few moments ago my firewall logs started filling up with messages below. Basiclly ICMP Echos for all over the place. I have not had a lot of time to research but it seems like a fairly random IP address distribution and the few that I looked up seemed to originate from .kr and .ar should I assume that all these boxes have been comprimised? Should I attempt to contact all the owners? What is the attacker trying to accomplish? Below is a small portion of the log file. TIA Feb 1 13:52:21 Deny inbound icmp src outside:193.65.199.3 dst <>:rcgw (type 8, code 0) Feb 1 13:52:21 Deny inbound icmp src outside:193.71.17.3 dst <>:rcgw (type 8, code 0) Feb 1 13:52:21Deny inbound icmp src outside:194.90.246.171 dst <>:rcgw (type 8, code 0) Feb 1 13:52:21 Deny inbound icmp src outside:196.7.87.3 dst <>:rcgw (type 8, code 0) Feb 1 13:52:21 Deny inbound icmp src outside:212.36.169.97 dst <>:rcgw (type 8, code 0) Feb 1 13:52:21 Deny inbound icmp src outside:216.52.142.3 dst <>:rcgw (type 8, code 0) Feb 1 13:52:21 Deny inbound icmp src outside:212.78.162.3 dst <>:rcgw (type 8, code 0) Feb 1 13:52:21 Deny inbound icmp src outside:216.52.58.2 dst <>:rcgw (type 8, code 0) Feb 1 13:52:21 Deny inbound icmp src outside:195.8.99.162 dst <>:rcgw (type 8, code 0) Feb 1 13:52:21 Deny inbound icmp src outside:140.239.162.2 dst <>:rcgw (type 8, code 0) Feb 1 13:52:21Deny inbound icmp src outside:212.35.98.3 dst <>:rcgw (type 8, code 0) Feb 1 13:52:21 Deny inbound icmp src outside:216.52.239.2 dst <>:rcgw (type 8, code 0) Feb 1 13:52:21Deny inbound icmp src outside:212.121.130.40 dst <>:rcgw (type 8, code 0) -- Bill Pennington IT Manager Rocketcash billp () rocketcash com http://www.rocketcash.com
Current thread:
- Ping flood? Whats the point? Bill Pennington (Feb 01)
- Re: Ping flood? Whats the point? Ryan Sweat (Feb 02)
- <Possible follow-ups>
- Re: Ping flood? Whats the point? Don (Feb 02)
- tracing spoofing (Was Re: Ping flood? Whats the point?) Dragos Ruiu (Feb 03)
- Re: Ping flood? Whats the point? Andy David (Feb 03)
- Re: Ping flood? Whats the point? Bill Pennington (Feb 05)
- Re: Ping flood? Whats the point? Russell Fulton (Feb 06)
- Re: Ping flood? Whats the point? Chuck Phillips (Feb 05)
- Re: Ping flood? Whats the point? Kerry Baker (Feb 07)
- Re: Ping flood? Whats the point? Filip M. Gieszczykiewicz (Feb 08)
- Re: Ping flood? Whats the point? Kerry Baker (Feb 08)
- Re: Ping flood? Whats the point? Kerry Baker (Feb 07)