Re: 8 hours of pinging

[Rainer_Freis () SANTIX DE (Rainer Freis)]

Hello,

On 24.03.2000 14:03:00 Mike A. Harris wrote:
> On Mon, 20 Mar 2000, Jim Lindstrom wrote:
>
> > Date: Mon, 20 Mar 2000 09:20:45 -0600
> > From: Jim Lindstrom <jlindstr () UIUC EDU>
> > To: INCIDENTS () SECURITYFOCUS COM
> > Subject: 8 hours of pinging
> >
> > I have a machine on the @Home network whose logs I monitor in
> > real-time.  Last night from 12:40am to about 8:35am (central standard us
> > time), the machine was continously pinged, at a rate of 5 to 10 times
> > per minute, from machines all over the world.  I don't think this was
> > intended as a DDoS, due to the low rate of firings, but what else could
> > this have been?
>
> I've read part of the thread on this and I have an idea what it
> could possibly be.  It is possible someone is sending seemingly
> normal ICMP packets to you, however they could contain covert
> data.  Data could be encoded into the ICMP data, various IP
> fields, IP options, etc..

We had a similar incident two weeks ago. I sent a mail to the admin of the other
machine
and he told me that it was a DDoS on their machine. Somebody faked the source IP
address and they got the responses of about 3,500 machines.

regards
     Rainer Freis

--
Rainer Freis   -    Leiter Systemadministration

santix AG Max-Planck-Str. 7   D-85716 Unterschleissheim
Phone: (+49) 89 321506-24          Fax  : (+49) 89 321506-99

You don't know what real time-critical software is until you're responsible for
the paychecks
of a battalion of heavily armed Marines.      (somebody in
alt.sysadmin.recovery)