Security Basics mailing list archives
Re: Ping Cyberkit 2.2
From: Karma <steve () frij com>
Date: Sat, 13 Sep 2003 08:59:19 +1000
The ICMP packets from Nachi/Welchia resemble the Cyberkit packets with 64 (?) hexadecimal 'aa' as the content. If that is the case, I wouldn't be worried. The sources are mostly spoofed, but mostly class B

regards
Steve

----- Original Message -----
From: "Dr Aldo Medina" <aldomedina () hotpop com>
To: <security-basics () securityfocus com>
Sent: Friday, September 12, 2003 12:12 PM
Subject: Ping Cyberkit 2.2

For about a week, my snort logs have been full of messages like this:

Sep 6 12:27:56 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.132.194 -> 200.95.123.16
Sep 6 12:29:23 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.66.113 -> 200.95.123.16
Sep 6 12:31:24 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.132.65 -> 200.95.123.16
Sep 6 12:39:01 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.21.229 -> 200.95.123.16
Sep 6 12:41:52 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.132.88 -> 200.95.123.16
Sep 6 12:45:33 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.132.131 -> 200.95.123.16
Sep 6 12:48:14 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.129.36 -> 200.95.123.16
Sep 6 12:51:10 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.33.116 -> 200.95.123.16

Running Linux Debian Woody. Should I be worried? TIA.
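Added example, not part of the thread or written by any poster: a Python triage helper that tallies the SID 483 alerts by source /16 (the old "class B" size) and counts how many sources share the destination's /16. The regex assumes the syslog alert format shown in the post; three sample lines are copied from it and the 198.51.100.7 line is constructed.

```python
import ipaddress
import re
from collections import Counter

# Syslog form of the Snort alert quoted in the post (generator 1, SID 483).
ALERT_RE = re.compile(
    r"snort: \[1:483:\d+\] ICMP PING CyberKit 2\.2 Windows .*"
    r"\{ICMP\} (?P<src>\d+\.\d+\.\d+\.\d+) -> (?P<dst>\d+\.\d+\.\d+\.\d+)"
)
PREFIX = "Sep 6 12:%s linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows " \
         "[Classification: Misc activity] [Priority: 3]: {ICMP} %s -> 200.95.123.16"
# First three lines are from the post; the last one is constructed
# (documentation address) to show a source outside the local /16.
SAMPLE_LOG = "\n".join([
    PREFIX % ("27:56", "200.95.132.194"),
    PREFIX % ("29:23", "200.95.66.113"),
    PREFIX % ("31:24", "200.95.132.65"),
    PREFIX % ("55:00", "198.51.100.7"),
    "Sep 6 12:56:00 linuxserver sshd[412]: unrelated line",
])

def summarize(log_text):
    """Count CyberKit ping alerts per source /16 and per locality."""
    per_net, sources, total, same_net = Counter(), set(), 0, 0
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # not a SID 483 alert
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address such as 999.1.1.1
        net = ipaddress.ip_network(f"{src}/16", strict=False)
        total += 1
        sources.add(src)
        per_net[str(net)] += 1
        if dst in net:
            same_net += 1  # sender sits in the sensor's own /16
    return {"alerts": total, "unique_sources": len(sources),
            "same_slash16_as_dst": same_net, "per_slash16": dict(per_net)}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Many distinct sources concentrated in the destination's own /16 point to neighbouring hosts that are worth identifying, even when the alert itself is low priority.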
Current thread:
- Ping Cyberkit 2.2 Dr Aldo Medina (Sep 12)
- Re: Ping Cyberkit 2.2 Karma (Sep 15)
- RE: Ping Cyberkit 2.2 Ian Kennedy (Sep 15)
- Re: Ping Cyberkit 2.2 GSimmonds (Sep 15)
- <Possible follow-ups>
- RE: Ping Cyberkit 2.2 Ryan Belcher (Sep 12)
- Re: Ping Cyberkit 2.2 Karma (Sep 15)