Security Incidents mailing list archives

Re: Strange ping reply packets


From: Artur.Nowak-incidents () WODIP OPOLE PL (Artur Nowak)
Date: Sat, 12 Feb 2000 00:18:43 +0100


Arthur, I don't think the IPs are randomly generated. Check out these
addresses:
212.151.36.6     [3,30]
128.210.131.189  [10,38]
129.82.96.191    [11,42]
209.166.140.96   [14,45]
203.134.57.37    [22,40]
Those matches were found at the lines specified in your log. If you are
seeing duplicate IP addresses more than 10 sec apart, some of those may be
real. Is it possible this is legitimate traffic?

I checked the logs with traffic and found that ICMP "ping request" packets
have been sent from my network. I don't know who was the initiator of this
traffic, but now all ICMP packets going out are denied (only packets from
the network, not from the firewall).
Thanks all for help and answers.

--
 Artur Nowak       ==> mail anowak-pgp () wodip opole pl for PGP pub_key
  e-mail : anowak () wodip opole pl       || anowak () polo po opole pl
  www    : www.wodip.opole.pl/~anowak/ || polo.po.opole.pl/~anowak/
 PGP: 0x7BCE3064 | CF14 7AF4 2A1B 485E B0B5 1261 F7A1 26D5 7BCE 3064


