Security Basics mailing list archives

RE: Ping Cyberkit 2.2


From: "Ryan Belcher" <Ryanb () sealevel com>
Date: Fri, 12 Sep 2003 17:10:51 -0400

That's the Lovesan/Welchia worm attempting to find hosts to attack.  If you're protected then just flush the logs like I do.

Ryan

-----Original Message-----
From: Dr Aldo Medina [mailto:aldomedina () hotpop com]
Sent: Thursday, September 11, 2003 10:13 PM
To: security-basics () securityfocus com
Subject: Ping Cyberkit 2.2


For about a week, my snort logs have been full of messages like this:

Sep  6 12:27:56 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.132.194 -> 200.95.123.16
Sep  6 12:29:23 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.66.113 -> 200.95.123.16
Sep  6 12:31:24 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.132.65 -> 200.95.123.16
Sep  6 12:39:01 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.21.229 -> 200.95.123.16
Sep  6 12:41:52 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.132.88 -> 200.95.123.16
Sep  6 12:45:33 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.132.131 -> 200.95.123.16
Sep  6 12:48:14 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.129.36 -> 200.95.123.16
Sep  6 12:51:10 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.33.116 -> 200.95.123.16

Running Linux Debian Woody. Should I be worried?

TIA.
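
Added example, not part of the original thread: a small Python parser for syslog alerts in the format quoted above, which counts how many distinct sources trigger the same signature against one host. The sample lines are constructed with documentation addresses, and the function names and the three-source threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Syslog alert layout seen in the thread:
# <time> <host> snort: [gid:sid:rev] <msg> [Classification: c] [Priority: n]: {PROTO} src -> dst
ALERT_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+snort:\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>[^\[\]]+?)\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+\[Priority:\s*(?P<prio>\d+)\]:\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\d+(?:\.\d+){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})(?::\d+)?"
)

def parse_alerts(text):
    """Return one dict per alert, tolerating mail-wrapped and run-together entries."""
    flat = " ".join(text.split())  # undo hard wrapping before matching
    return [m.groupdict() for m in ALERT_RE.finditer(flat)]

def summarize(alerts):
    """Group by (sid, destination): alert count, distinct sources, first and last time."""
    groups = defaultdict(lambda: {"count": 0, "sources": set(), "first": None, "last": None})
    for a in alerts:
        g = groups[(int(a["sid"]), a["dst"])]
        g["count"] += 1
        g["sources"].add(a["src"])
        g["first"] = g["first"] or a["ts"]
        g["last"] = a["ts"]
    return dict(groups)

def many_source_probes(summary, min_sources=3):
    """Keys where one signature reaches one host from many distinct sources."""
    return sorted(k for k, g in summary.items() if len(g["sources"]) >= min_sources)

# Constructed sample in the thread's format, using documentation address ranges.
SAMPLE = """\
Sep  6 12:27:56 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2
Windows [Classification: Misc activity] [Priority: 3]: {ICMP}
192.0.2.194 -> 198.51.100.16
Sep  6 12:29:23 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2
Windows [Classification: Misc activity] [Priority: 3]: {ICMP}
192.0.2.113 -> 198.51.100.16Sep  6 12:31:24 linuxserver snort:
[1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity]
[Priority: 3]: {ICMP} 192.0.2.65 -> 198.51.100.16Sep  6 12:39:01
linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows
[Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.194 ->
198.51.100.16"""

if __name__ == "__main__":
    print(many_source_probes(summarize(parse_alerts(SAMPLE))))
```

Timestamps are returned with whitespace collapsed because the text is flattened before matching.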


