Security Incidents mailing list archives

rash of pings.

From: "Hendrie, David J, GOVMK" <hendrie () ATT COM>
Date: Mon, 13 Nov 2000 14:14:18 -0500

Dialed into AT&T Global Network Saturday night.  Laptop with windows 98
using zonealarm v 2.1.25.

I was hit with a rash of events, mostly pings, from diverse sources and then
quiet for hours afterwards.

The Zonealarms log:

FWIN,2000/11/11,21:32:14 -5:00 GMT,64.124.41.175:8888,32.102.5.59:1130,TCP

FWIN,2000/11/11,21:32:24 -5:00 GMT,24.141.187.152:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:33:18 -5:00 GMT,24.17.11.117:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:33:36 -5:00 GMT,209.122.214.179:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:35:44 -5:00 GMT,24.22.59.120:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:36:00 -5:00 GMT,208.199.23.21:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:36:32 -5:00 GMT,24.70.115.206:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:37:26 -5:00 GMT,209.74.174.101:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:38:56 -5:00 GMT,148.221.97.91:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:39:28 -5:00 GMT,142.104.202.43:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:39:50 -5:00 GMT,24.163.90.42:0,32.102.5.59:0,ICMP

FWIN,2000/11/11,21:39:52 -5:00 GMT,64.124.41.175:8888,32.102.5.59:1130,TCP

FWIN,2000/11/11,21:40:08 -5:00 GMT,24.181.221.158:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:40:38 -5:00 GMT,172.168.57.60:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:41:00 -5:00 GMT,24.179.37.77:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:41:00 -5:00 GMT,209.91.153.165:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:41:50 -5:00 GMT,24.165.10.140:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:42:16 -5:00 GMT,209.91.55.188:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:43:10 -5:00 GMT,172.173.133.119:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:43:36 -5:00 GMT,172.129.184.254:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:44:28 -5:00 GMT,172.158.154.136:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:44:46 -5:00 GMT,172.162.101.74:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:45:36 -5:00 GMT,24.162.184.52:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:45:42 -5:00 GMT,12.76.84.55:0,32.102.5.59:0,ICMP

FWIN,2000/11/11,21:45:52 -5:00 GMT,64.124.41.175:8888,32.102.5.59:1130,TCP

FWIN,2000/11/11,21:45:56 -5:00 GMT,200.193.21.125:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:46:06 -5:00 GMT,204.186.21.26:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:47:18 -5:00 GMT,63.49.188.86:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:47:40 -5:00 GMT,209.215.4.57:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:49:42 -5:00 GMT,63.46.48.80:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:50:40 -5:00 GMT,209.91.153.165:0,32.102.5.59:0,ICMP
FWIN,2000/11/11,21:51:04 -5:00 GMT,63.53.190.147:0,32.102.5.59:0,ICMP

Any ideas on whether this was a concerted effort or random Saturday night
boredom???

David Jon Hendrie

AT&T Information Security Center

hendrie () att com
(973) 236-6560

Current thread:

rash of pings. Hendrie, David J, GOVMK (Nov 14)
- <Possible follow-ups>
- Re: rash of pings. Lastname, Firstname (Nov 15)
  - Very large scale named Iquery scan? Tom Whipp (Nov 16)