Security Incidents mailing list archives
Re: ICMP Type:8 Code:137
From: Justin <justinvinn () gmail com>
Date: Fri, 28 Oct 2005 14:11:04 -0400
Mutiger_jh, It could indeed be a recon technique (the traceroute makes me think that even more). Custom ICMP programs are not that difficult to make, so maybe somebody is using your system(s) as a testing ground? This also reminds me of xprobe2. Doesn't that send ICMP like what you described? Are these targetd in sweeps across your netrange, or is it just against one specific host. Hope some of that helped... peace, --Justin On 28 Oct 2005 03:12:09 -0000, mutiger_jh () yahoo com <mutiger_jh () yahoo com> wrote:
We have been seeing a good number of ICMP - echo requests coming in bursts having a code of 137 in the last couple of days. The burst do not last long but are sometimes preceeded by a traceroute. No other traffice follows from the source hosts. There is no payload in the packets. My research into what or why this is happening has turned up nothing. Has any one heard of any attacks or recon using this code?
Current thread:
- ICMP Type:8 Code:137 mutiger_jh (Oct 27)
- Re: ICMP Type:8 Code:137 Justin (Oct 28)
- Re: ICMP Type:8 Code:137 Allan Kjeldbjerg (Acom Internet ApS) (Oct 28)
- Re: ICMP Type:8 Code:137 Valdis . Kletnieks (Oct 31)
- Re: ICMP Type:8 Code:137 Allan Kjeldbjerg (Acom Internet ApS) (Oct 28)
- <Possible follow-ups>
- Re: Re: ICMP Type:8 Code:137 mutiger_jh (Oct 28)
- Re: ICMP Type:8 Code:137 Justin (Oct 28)