Security Incidents mailing list archives

ICMP Source Quench - Can it be some flood attack?

From: Vinicius Vianna <ds () WEXPERTS COM BR>
Date: Fri, 8 Sep 2000 15:32:35 -0300

Last night i received some snort alerts that my machine was receiving some ICMP Source Quench, after some research i 
find out this icmp message is sent when a host cannot process data due to a overload or something else, but as i 
received this icmp messages in two IPs, the normal ip that is used to send data, and a other IP, used only to people 
access some web pages can this be some flood attack to slow down or flood a machine?

Thanks in advance

Snort syslog format file:
09/06-22:55:21.306503  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248
09/06-22:55:21.315022  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248
09/06-22:59:43.422982  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247
09/06-22:59:43.429067  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247
09/06-22:59:43.437629  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247
09/06-22:59:43.440503  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247
09/06-22:59:43.477759  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247
09/06-22:59:43.480583  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247
09/06-22:59:43.500551  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247
09/06-22:59:43.526330  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247
09/06-22:59:43.529171  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247
09/06-22:59:43.531157  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.247
09/06-22:59:43.534927  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248
09/06-22:59:43.546433  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248
09/06-22:59:43.550941  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248
09/06-22:59:43.559408  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248
09/06-22:59:43.631409  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248
09/06-22:59:43.652404  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248
09/06-22:59:43.670846  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248
09/06-22:59:43.679427  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248
09/06-22:59:43.682211  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248
09/06-22:59:43.687902  [**] PING-ICMP Source Quench [**] 200.210.59.73 -> 200.210.49.248
(time in GMT -0300, ntp sync)
Vinicius Pavanelli Vianna
Wexperts Internet Solutions
Diretor
Fone: +55 16 625 2133
URL: http://www.wexperts.com.br

Current thread:

ICMP Source Quench - Can it be some flood attack? Vinicius Vianna (Sep 08)
- Re: ICMP Source Quench - Can it be some flood attack? Jose Nazario (Sep 12)
- Re: ICMP Source Quench - Can it be some flood attack? Mixter (Sep 12)
- <Possible follow-ups>
- Re: ICMP Source Quench - Can it be some flood attack? J. Oquendo (Sep 12)