Security Incidents mailing list archives
Re: 8 hours of pinging
From: mharris () METENG ON CA (Mike A. Harris)
Date: Fri, 24 Mar 2000 08:03:00 -0500
On Mon, 20 Mar 2000, Jim Lindstrom wrote:
Date: Mon, 20 Mar 2000 09:20:45 -0600 From: Jim Lindstrom <jlindstr () UIUC EDU> To: INCIDENTS () SECURITYFOCUS COM Subject: 8 hours of pinging I have a machine on the @Home network whose logs I monitor in real-time. Last night from 12:40am to about 8:35am (central standard us time), the machine was continously pinged, at a rate of 5 to 10 times per minute, from machines all over the world. I don't think this was intended as a DDoS, due to the low rate of firings, but what else could this have been?
I've read part of the thread on this and I have an idea what it could possibly be. It is possible someone is sending seemingly normal ICMP packets to you, however they could contain covert data. Data could be encoded into the ICMP data, various IP fields, IP options, etc.. -- Mike A. Harris Linux advocate Computer Consultant GNU advocate Capslock Consulting Open Source advocate I've overclocked my keyboard interface. It's quite messy dipping my hands into the mineral oil, but *MAN* is my keyboard ever fast now! - Anonymous Coward
Current thread:
- Generic checksums (MD5 DB) Ville (Mar 17)
- 8 hours of pinging Jim Lindstrom (Mar 20)
- Re: 8 hours of pinging Rick Ballard (Mar 21)
- Re: 8 hours of pinging Robert Graham (Mar 21)
- Re: 8 hours of pinging Bob Fayne (Mar 22)
- Re: 8 hours of pinging Jim Lindstrom (Mar 22)
- 8 hours of pinging Foley, Michael P (Mar 22)
- Re: 8 hours of pinging Mike A. Harris (Mar 24)
- Re: Generic checksums (MD5 DB) Filip M. Gieszczykiewicz (Mar 20)
- <Possible follow-ups>
- Re: Generic checksums (MD5 DB) Jon Burdge (Mar 21)
- Re: Generic checksums (MD5 DB) Thomas J. Kluegel (Mar 21)
- 8 hours of pinging Jim Lindstrom (Mar 20)