Security Incidents mailing list archives
Re: 8 hours of pinging
From: Rainer_Freis () SANTIX DE (Rainer Freis)
Date: Mon, 27 Mar 2000 09:03:46 +0100
Hello,

On 24.03.2000 14:03:00 Mike A. Harris wrote:

> On Mon, 20 Mar 2000, Jim Lindstrom wrote:
>
> > Date: Mon, 20 Mar 2000 09:20:45 -0600
> > From: Jim Lindstrom <jlindstr () UIUC EDU>
> > To: INCIDENTS () SECURITYFOCUS COM
> > Subject: 8 hours of pinging
> >
> > I have a machine on the @Home network whose logs I monitor in
> > real-time. Last night from 12:40am to about 8:35am (central standard
> > US time), the machine was continuously pinged, at a rate of 5 to 10
> > times per minute, from machines all over the world. I don't think
> > this was intended as a DDoS, due to the low rate of firings, but what
> > else could this have been?
>
> I've read part of the thread on this and I have an idea what it could
> possibly be. It is possible someone is sending seemingly normal ICMP
> packets to you, however they could contain covert data. Data could be
> encoded into the ICMP data, various IP fields, IP options, etc.

We had a similar incident two weeks ago. I sent a mail to the admin of the other machine and he told me that it was a DDoS on their machine. Somebody faked the source IP address and they got the responses of about 3,500 machines.

regards
Rainer Freis

--
Rainer Freis - Head of System Administration
santix AG
Max-Planck-Str. 7
D-85716 Unterschleissheim
Phone: (+49) 89 321506-24
Fax : (+49) 89 321506-99

You don't know what real time-critical software is until you're responsible for the paychecks of a battalion of heavily armed Marines.
(somebody in alt.sysadmin.recovery)