Security Basics mailing list archives
Re: pings
From: chip <chip.gwyn () gmail com>
Date: Thu, 30 Dec 2004 17:33:20 -0500
The pings you are seeing from pnap.net probably resolve to performance or fcp boxes that they use to help map out paths from thier "PNAP" to your network. They then take these performance metrics and decide which exit point of the pnap gives the best performance and route accordingly. I wouldn't be concerned with these. On Fri, 24 Dec 2004 10:09:32 +0800, cc <cc () belfordhk com> wrote:
Hi, I've been monitoring my firewall logs, via. snort and ACID and have noticed that I've been getting a lot of pings from different IP addresses, but most from the 'pnap.net' network. Between "Undefined Code" (as stated in Snort) to the Ping that contains "Please Help Me. matrix catch me" packet. Now I've shut down the ICMP capabilities; that is, I've set my firewall to drop ICMPs. My question is, has anyone received any of such pings from the 'pnap.net' network? I've done some basic checks on the particular IPs from this domain, and since I'm quite a neophyte in the security business, I don't know whether the source is spoofed or not. Should I even be concerned about these pings? Any help/advice appreciated. Thank you. And a Very Safe and Merry Christmas to you all! Edmund
-- Just my $.02, your mileage may vary, batteries not included, etc....