Security Incidents mailing list archives
Re: 8 hours of pinging
From: spiff () BWAY NET (spiff)
Date: Wed, 22 Mar 2000 03:40:53 -0500
Perhaps this is an Nmap -sP (ping scan) using the decoy option, and set to a scan frequency low enough to avoid setting off IDS systems. The output of this scan is any host listening at a particular address, which can then be given as input to a more thorough scan of known 'alive' hosts. Of note, if this _is_ an nmap scan, one of the addresses is the real ip of the scanning host. see www.insecure.org for Nmap. spiff On Tue, 21 Mar 2000, Ed Padin wrote:
FYI, I've seen this happen as well. The pings seem to come from all over the place. They do not come rapidly as in a flood. perhaps it's a tribe-like scan of some sort? I don't get any malformed packets just straight ICMP-ECHO-REQUEST.-----Original Message----- From: Jim Lindstrom [mailto:jlindstr () UIUC EDU] Sent: Monday, March 20, 2000 10:21 AM To: INCIDENTS () SECURITYFOCUS COM Subject: 8 hours of pinging I have a machine on the @Home network whose logs I monitor in real-time. Last night from 12:40am to about 8:35am (central standard us time), the machine was continously pinged, at a rate of 5 to 10 times per minute, from machines all over the world. I don't think this was intended as a DDoS, due to the low rate of firings, but what else could this have been? -- Jim Lindstrom jlindstr () uiuc edu
Current thread:
- Re: 8 hours of pinging Ed Padin (Mar 21)
- Re: 8 hours of pinging spiff (Mar 22)
- Curious HTTP related probings. Scott A . McIntyre (Mar 22)
- Re: Curious HTTP related probings. Erik Fichtner (Mar 22)
- Re: Curious HTTP related probings. Russell Fulton (Mar 22)
- [Fwd: [fw-wiz] Specious network performance measurements.] horio shoichi (Mar 22)
- <Possible follow-ups>
- Re: 8 hours of pinging Scott Wunsch (Mar 22)
- Re: 8 hours of pinging Robert Graham (Mar 22)
- Re: 8 hours of pinging Rainer Freis (Mar 27)
- Re: 8 hours of pinging Ed Padin (Mar 28)
- Re: 8 hours of pinging Dragos Ruiu (Mar 29)
- rooted by r0x - from address 212.177.241.127 Dwight Schauer (Mar 29)
(Thread continues...)