Security Incidents mailing list archives
Re: ICMP Type:8 Code:137
From: "Allan Kjeldbjerg (Acom Internet ApS)" <allan () acom-net dk>
Date: Fri, 28 Oct 2005 21:18:27 +0200
Hi _mutiger_jh,

Yes, I have noticed the increase of the same packets. They could be spoofed, but the ones I currently notice originate from China and are distributed via ISPs in New York.

Concurrently with these packets we experience non-terminating TCP connections on our Windows platform. Could there be a connection between the two? Anyone noticed the same pattern?

/allan

----- Original Message -----
From: "Justin" <justinvinn () gmail com>
To: <mutiger_jh () yahoo com>
Cc: <incidents () securityfocus com>
Sent: Friday, October 28, 2005 8:11 PM
Subject: Re: ICMP Type:8 Code:137

Mutiger_jh,

It could indeed be a recon technique (the traceroute makes me think that even more). Custom ICMP programs are not that difficult to make, so maybe somebody is using your system(s) as a testing ground? This also reminds me of xprobe2. Doesn't that send ICMP like what you described? Are these targeted in sweeps across your netrange, or is it just against one specific host?

Hope some of that helped...

peace,
--Justin

On 28 Oct 2005 03:12:09 -0000, mutiger_jh () yahoo com <mutiger_jh () yahoo com> wrote:

We have been seeing a good number of ICMP echo requests coming in bursts having a code of 137 in the last couple of days. The bursts do not last long but are sometimes preceded by a traceroute. No other traffic follows from the source hosts. There is no payload in the packets. My research into what or why this is happening has turned up nothing.

Has anyone heard of any attacks or recon using this code?
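
An added example, not part of the original thread: RFC 792 defines only code 0 for an echo request (type 8), so the traffic described above can be picked out of a capture by flagging type 8 packets with a non-zero code and grouping them into bursts per source. The addresses, timestamps, packet builder and the `window`/`min_count` thresholds are assumptions made for this sketch.

```python
import struct
from collections import defaultdict

def build_packet(src, dst, icmp_type, code, payload=b""):
    """Build a minimal IPv4+ICMP packet for the constructed sample (checksums left 0)."""
    icmp = struct.pack("!BBHHH", icmp_type, code, 0, 1, 1) + payload
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                       addr(src), addr(dst)) + icmp

def parse_icmp(packet):
    """Return (src, type, code, payload_len), or None if not a usable IPv4 ICMP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None
    end = min(struct.unpack("!H", packet[2:4])[0], len(packet))
    src = ".".join(str(b) for b in packet[12:16])
    return src, packet[ihl], packet[ihl + 1], max(0, end - ihl - 8)

def find_odd_echo_bursts(records, window=10.0, min_count=3):
    """Group type-8 packets with a non-zero code by (source, code) and report bursts."""
    seen = defaultdict(list)
    for ts, pkt in records:
        parsed = parse_icmp(pkt)
        if parsed and parsed[1] == 8 and parsed[2] != 0:
            seen[(parsed[0], parsed[2])].append((ts, parsed[3]))
    bursts = []
    for (src, code), hits in sorted(seen.items()):
        hits.sort()
        start = 0
        for i in range(1, len(hits) + 1):
            # Close the current run at the end of data or on a gap longer than `window`.
            if i == len(hits) or hits[i][0] - hits[i - 1][0] > window:
                run = hits[start:i]
                if len(run) >= min_count:
                    bursts.append({"src": src, "code": code, "count": len(run),
                                   "empty_payload": all(p == 0 for _, p in run)})
                start = i
    return bursts

# Constructed sample: (timestamp, raw packet); addresses are documentation ranges.
SAMPLE = [(t, build_packet("192.0.2.10", "198.51.100.1", 8, 137)) for t in (0.0, 0.4, 0.9, 1.3)]
SAMPLE.append((2.0, build_packet("192.0.2.77", "198.51.100.1", 8, 0, b"abcdefgh")))  # normal ping
SAMPLE.append((3.0, build_packet("203.0.113.5", "198.51.100.1", 8, 137)))  # single packet, no burst

if __name__ == "__main__":
    for burst in find_odd_echo_bursts(SAMPLE):
        print(burst)
```

Fed with (timestamp, raw IP packet) pairs from a real capture, the per-source output also answers the question raised in the thread of whether the packets sweep a range or hit one host, once the destination address is added to the grouping key.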