Security Basics mailing list archives

Re: pings

From: Leif Ericksen <leife () dls net>
Date: Tue, 28 Dec 2004 12:35:03 -0600

Overall I would not worry to much about ping packets noticed in your
firewall logs.  Yeah notice them and unless you are seeing hundreds to
thousands of packets not a big deal.  I am on a DHCP connection with my
ISP and I see various hits in my IDS from PING.  ping hits aer way to
common for most people to worry about.

just my $0.02
--
Leif

Hi,

I've been monitoring my firewall logs, via. snort and ACID and
have noticed that I've been getting a lot of pings from
different IP addresses, but most from the 'pnap.net'
network.   Between "Undefined Code" (as stated in Snort)
to the Ping that contains "Please Help Me. matrix catch me"
packet.   Now I've shut down the ICMP capabilities; that
is, I've set my firewall to drop ICMPs.

My question is, has anyone received any of such pings
from the 'pnap.net' network?   I've done some
basic checks on the particular IPs from this domain,
and since I'm quite a neophyte in the security business,
I don't know whether the source is spoofed or not.

Should I even be concerned about these pings?

Any help/advice appreciated.

Thank you.

And a Very Safe and Merry Christmas to you all!

Edmund

Current thread:

pings cc (Dec 28)
- Re: pings Leif Ericksen (Dec 28)
  - Re: pings cc (Dec 29)
    - Re: pings Leif Ericksen (Dec 29)
    - Re: pings Rodrigo Ramos (Dec 30)
- Re: pings chip (Dec 31)
- <Possible follow-ups>
- Re: pings Steve Crapo (Dec 30)