Security Incidents mailing list archives
ICMP Source Quench - Can it be some flood attack?
From: Vinicius Vianna <ds () WEXPERTS COM BR>
Date: Fri, 8 Sep 2000 15:32:35 -0300
Last night i received some snort alerts that my machine was receiving some ICMP Source Quench, after some research i find out this icmp message is sent when a host cannot process data due to a overload or something else, but as i received this icmp messages in two IPs, the normal ip that is used to send data, and a other IP, used only to people access some web pages can this be some flood attack to slow down or flood a machine? Thanks in advance Snort syslog format file: 09/06-22:55:21.306503 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248 09/06-22:55:21.315022 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248 09/06-22:59:43.422982 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247 09/06-22:59:43.429067 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247 09/06-22:59:43.437629 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247 09/06-22:59:43.440503 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247 09/06-22:59:43.477759 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247 09/06-22:59:43.480583 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247 09/06-22:59:43.500551 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247 09/06-22:59:43.526330 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247 09/06-22:59:43.529171 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247 09/06-22:59:43.531157 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247 09/06-22:59:43.534927 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248 09/06-22:59:43.546433 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248 09/06-22:59:43.550941 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248 09/06-22:59:43.559408 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248 09/06-22:59:43.631409 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248 09/06-22:59:43.652404 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248 09/06-22:59:43.670846 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248 09/06-22:59:43.679427 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248 09/06-22:59:43.682211 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248 09/06-22:59:43.687902 [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248 (time in GMT -0300, ntp sync) Vinicius Pavanelli Vianna Wexperts Internet Solutions Diretor Fone: +55 16 625 2133 URL: http://www.wexperts.com.br
Current thread:
- ICMP Source Quench - Can it be some flood attack? Vinicius Vianna (Sep 08)
- Re: ICMP Source Quench - Can it be some flood attack? Jose Nazario (Sep 12)
- Re: ICMP Source Quench - Can it be some flood attack? Mixter (Sep 12)
- <Possible follow-ups>
- Re: ICMP Source Quench - Can it be some flood attack? J. Oquendo (Sep 12)