Firewall Wizards mailing list archives

big ICMP size


From: bugiu <gabij () osim ro>
Date: Tue, 03 Oct 2000 01:30:00 +0200

Hi admins,

I have a distributed source attack with ICMP type 8 packets, size = 1500 and
the don't fragment flag (DF) set, from 8-10 sites.
The default policy discards these requests, but before contacting the
admins of these sites, do you know of any similar reports or a modified binary
that generates this type of traffic?
Here is a log extract of this activity:

-----------------------////////
Sep 21 11:00:20 iplist kernel: Packet log: input DENY eth0 PROTO=1
SS.SS.SS.SS:8 193.230.133.6:0 L=1500 S=0x00 I=36059 F=0x4000 T=233
-------------------------///////

11:38:03.748034 212.206.88.45 > bamse.osim.ro: icmp: echo request (DF)
(ttl 234, id 3266)
                         4500 05dc 0cc2 4000 ea01 0a76 SSSS SSSS
                         c1e6 8506 0800 f7ff 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000


Any ideas would be appreciated.

gabi jipa



_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
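
Added example (not part of the original post): a decoder for the tcpdump hex words quoted above. It recovers the header fields the log lines report and tests whether the ICMP checksum is consistent with an all-zero 1472-byte payload. The function names are hypothetical, and the redacted source address is zero-filled as an assumption.

```python
import struct

# Hex words copied from the tcpdump capture in the post. The sender's address
# is redacted there as "SSSS SSSS"; it is zero-filled here (assumption), so the
# IP header checksum is not verified.
DUMP = """
4500 05dc 0cc2 4000 ea01 0a76 SSSS SSSS
c1e6 8506 0800 f7ff 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000
"""

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_echo(dump: str) -> dict:
    """Decode the IPv4 and ICMP headers from a (truncated) hex dump."""
    raw = bytes.fromhex("".join(dump.replace("S", "0").split()))
    ver_ihl, _tos, total_len, ident, frag, ttl, proto = struct.unpack("!BBHHHBB", raw[:10])
    ihl = (ver_ihl & 0x0F) * 4
    icmp_type, icmp_code, icmp_sum, icmp_id, icmp_seq = struct.unpack("!BBHHH", raw[ihl:ihl + 8])
    captured = raw[ihl + 8:]
    # The capture is truncated by the snap length, so rebuild the full ICMP
    # message under the hypothesis that the unseen payload is zero-filled like
    # the captured part, then compare its checksum with the one on the wire.
    payload_len = total_len - ihl - 8
    candidate = struct.pack("!BBHHH", icmp_type, icmp_code, 0, icmp_id, icmp_seq) + bytes(payload_len)
    return {
        "total_len": total_len, "ip_id": ident, "ttl": ttl, "proto": proto,
        "df": bool(frag & 0x4000), "frag_offset": frag & 0x1FFF,
        "icmp_type": icmp_type, "icmp_code": icmp_code,
        "icmp_id": icmp_id, "icmp_seq": icmp_seq,
        "payload_len": payload_len,
        "captured_payload_zero": not any(captured),
        "zero_payload_matches_checksum": inet_checksum(candidate) == icmp_sum,
    }

if __name__ == "__main__":
    for key, value in decode_echo(DUMP).items():
        print(f"{key:30} {value}")
```

The checksum 0xf7ff is the complement of 0x0800 alone, so the ICMP id, sequence number and payload together contribute nothing to the sum. Those fields, with the DF bit and the 1500-byte length, are the ones to compare across packets from the other sending sites.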

