Security Incidents mailing list archives

echo requests, 1480 bytes


From: thomas () 88 NET (thomas lakofski)
Date: Tue, 8 Feb 2000 15:56:52 +0000


i've been seeing the following recently:

Feb  3 06:24:30 oi iplog[20316]: ICMP: echo from ns-norva.navy.mil (1480 bytes)
Feb  3 16:13:50 oi iplog[20316]: ICMP: echo from cismhp.univ-lyon1.fr (1480 bytes)
Feb  4 08:15:32 oi iplog[20316]: ICMP: echo from stone.gocis.bg (1480 bytes)
Feb  7 15:21:37 oi iplog[20316]: ICMP: echo from 209.213.81.134 (1480 bytes)
Feb  7 20:26:31 oi iplog[20316]: ICMP: echo from stone.gocis.bg (1480 bytes)
Feb  8 01:52:05 oi iplog[20316]: ICMP: echo from h00e0290a81ca.ne.mediaone.net (1480 bytes)
Feb  8 01:53:01 oi iplog[20316]: ICMP: echo from h00e0290a81ca.ne.mediaone.net (1480 bytes)
Feb  8 01:54:08 oi iplog[20316]: ICMP: echo from h00e0290a81ca.ne.mediaone.net (1480 bytes)
Feb  8 01:57:48 oi iplog[20316]: ICMP: echo from h00e0290a81ca.ne.mediaone.net (1480 bytes)
Feb  8 02:08:18 oi iplog[20316]: ICMP: echo from h00e0290a81ca.ne.mediaone.net (1480 bytes)
Feb  8 02:13:23 oi iplog[20316]: ICMP: echo from h00e0290a81ca.ne.mediaone.net (1480 bytes)
Feb  8 15:13:24 oi iplog[20316]: ICMP: echo from ns-norva.navy.mil (1480 bytes)

i thought these might be controlling packets for one of the dist'd DoS
tools -- can anybody confirm or deny?  my network blocks directed
broadcasts so i doubt that it's a smurf-type attack.

-tl

......
         who's watching your watchmen?
EF D8 33 68 B3 E3 E9 D2  C1 3E 51 22 8A AA 7B 98
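
One way to triage log lines like these, as an added example that is not part of the original post: it parses the iplog echo entries (a subset copied from the message), groups them by source and size, and flags sources whose echoes arrive in quick succession. The function names, the 300-second burst window and the year 2000 (taken from the mail's Date header) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Subset of the log lines quoted in the message above. Syslog timestamps
# carry no year, so 2000 is assumed from the mail's Date header.
SAMPLE = """\
Feb  3 06:24:30 oi iplog[20316]: ICMP: echo from ns-norva.navy.mil (1480 bytes)
Feb  4 08:15:32 oi iplog[20316]: ICMP: echo from stone.gocis.bg (1480 bytes)
Feb  7 20:26:31 oi iplog[20316]: ICMP: echo from stone.gocis.bg (1480 bytes)
Feb  8 01:52:05 oi iplog[20316]: ICMP: echo from h00e0290a81ca.ne.mediaone.net (1480 bytes)
Feb  8 01:53:01 oi iplog[20316]: ICMP: echo from h00e0290a81ca.ne.mediaone.net (1480 bytes)
Feb  8 15:13:24 oi iplog[20316]: ICMP: echo from ns-norva.navy.mil (1480 bytes)
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ iplog\[\d+\]: "
    r"ICMP: echo from (?P<src>\S+) \((?P<size>\d+) bytes\)$"
)

def parse(text, year=2000):
    """Yield (timestamp, source, size) for each iplog ICMP echo line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not an echo-request entry
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["src"], int(m["size"])

def summarize(text, burst_window=300):
    """Per (source, size): count, first/last seen, and a burst flag."""
    seen = defaultdict(list)
    for ts, src, size in parse(text):
        seen[(src, size)].append(ts)
    report = {}
    for key, stamps in seen.items():
        stamps.sort()
        # Seconds between consecutive echoes from the same source.
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[key] = {"count": len(stamps), "first": stamps[0],
                       "last": stamps[-1],
                       "burst": any(g <= burst_window for g in gaps)}
    return report

if __name__ == "__main__":
    for (src, size), r in sorted(summarize(SAMPLE).items()):
        print(f"{src:32} {size:5}B n={r['count']} burst={r['burst']} "
              f"{r['first']:%b %d %H:%M} -> {r['last']:%b %d %H:%M}")
```
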

