Security Incidents mailing list archives

Re: 8 hours of pinging


From: RB.MailLists () NS SYMPATICO CA (Rick Ballard)
Date: Tue, 21 Mar 2000 08:56:08 -0400


On 20 Mar 2000, at 9:20, Jim Lindstrom wrote:

> I have a machine on the @Home network whose logs I monitor in
> real-time.  Last night from 12:40am to about 8:35am (central standard US
> time), the machine was continuously pinged, at a rate of 5 to 10 times
> per minute, from machines all over the world.  I don't think this was
> intended as a DDoS, due to the low rate of firings, but what else could
> this have been?

I had the same thing happen to me on March 6, but only about
once per minute, also for about 8 hours. Most of the source IPs
seemed to be from Europe, but I imagine they were all fake. This
was on my double NATed ADSL line at home, that has a dynamic
real IP that changes just about every time I do anything. This
also happened in the middle of the day (AST). I have the logs
if anyone is interested. I have no idea what it was.

Here is a short excerpt from my OpenBSD filter log:
Mar  6 15:30:36 blackfly ipmon[30937]: 15:30:35.453328              ne0 @0:2 b 155.185.24.179 -> 10.27.15.70 PR icmp len 20 7168 icmp 8/0
Mar  6 15:31:49 blackfly ipmon[30937]: 15:31:48.977207              ne0 @0:2 b 171.223.212.6 -> 10.27.15.70 PR icmp len 20 7168 icmp 8/0
Mar  6 15:32:47 blackfly ipmon[30937]: 15:32:47.165076              ne0 @0:2 b 155.185.24.179 -> 10.27.15.70 PR icmp len 20 7168 icmp 8/0
Mar  6 15:33:24 blackfly ipmon[30937]: 15:33:23.381301              ne0 @0:2 b 63.11.68.120 -> 10.27.15.70 PR icmp len 20 7168 icmp 8/0

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rick Ballard                            Rick.Ballard () ns sympatico ca
Halifax, Nova Scotia, Canada
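
Added example (not part of the original post): a Python sketch that tallies ICMP echo requests in ipmon syslog output like the excerpt above, reporting distinct sources, repeat sources and the mean gap between packets. The field layout is inferred from the quoted lines, the function name is chosen here, and the log is assumed to be in chronological order.

```python
import re
from collections import Counter

# Constructed sample: the four ipmon lines from the excerpt above, unwrapped.
SAMPLE = """\
Mar  6 15:30:36 blackfly ipmon[30937]: 15:30:35.453328              ne0 @0:2 b 155.185.24.179 -> 10.27.15.70 PR icmp len 20 7168 icmp 8/0
Mar  6 15:31:49 blackfly ipmon[30937]: 15:31:48.977207              ne0 @0:2 b 171.223.212.6 -> 10.27.15.70 PR icmp len 20 7168 icmp 8/0
Mar  6 15:32:47 blackfly ipmon[30937]: 15:32:47.165076              ne0 @0:2 b 155.185.24.179 -> 10.27.15.70 PR icmp len 20 7168 icmp 8/0
Mar  6 15:33:24 blackfly ipmon[30937]: 15:33:23.381301              ne0 @0:2 b 63.11.68.120 -> 10.27.15.70 PR icmp len 20 7168 icmp 8/0
"""

# Field layout inferred from the lines above (assumption): packet time,
# interface, @group:rule, action, src -> dst, "PR icmp", lengths, type/code.
LINE_RE = re.compile(
    r"ipmon\[\d+\]:\s+(\d\d):(\d\d):(\d\d\.\d+)\s+\S+\s+@\S+\s+\S+\s+"
    r"(\S+)\s+->\s+(\S+)\s+PR\s+icmp\s+len\s+\d+\s+\d+\s+icmp\s+(\d+)/(\d+)"
)
# A newline not followed by a syslog date ("Mar  6 ") is a mail-wrap artifact.
WRAP_RE = re.compile(r"\n(?![A-Z][a-z]{2} [ \d]\d )")


def summarize_echo_requests(log_text):
    """Summarize ICMP echo requests (type 8, code 0) per source address."""
    stamps, sources = [], Counter()
    day_offset, prev = 0.0, None
    for line in WRAP_RE.sub(" ", log_text).splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        hh, mm, ss, src, _dst, itype, icode = m.groups()
        if (itype, icode) != ("8", "0"):
            continue
        t = int(hh) * 3600 + int(mm) * 60 + float(ss)
        if prev is not None and t < prev:  # clock went backwards: next day
            day_offset += 86400
        prev = t
        stamps.append(t + day_offset)
        sources[src] += 1
    if not stamps:
        return None
    span = stamps[-1] - stamps[0]
    return {
        "packets": len(stamps),
        "distinct_sources": len(sources),
        "repeat_sources": sorted(s for s, n in sources.items() if n > 1),
        "mean_interval_s": span / (len(stamps) - 1) if len(stamps) > 1 else None,
    }


if __name__ == "__main__":
    print(summarize_echo_requests(SAMPLE))
```

Run over a full eight-hour log, the same summary shows whether a few addresses recur or nearly every packet comes from a new source.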


