Security Incidents mailing list archives

Smurf attack?


From: Glenn Gillis <glenn () ELAW ORG>
Date: Fri, 6 Oct 2000 11:02:40 -0700

Over the past few days our firewall has been logging a large number of dropped pings
to our subnet broadcast address. A few questions to the list:

1) Should I consider this a smurf attack, and if so what is the appropriate reaction
on my part? I assume the source address is likely spoofed? So notifying the upstream
provider (exodus.net) would seem to be a waste of time. Should I just notify my ISP?

2) Speaking of my ISP, shouldn't they be blocking IP-directed broadcasts?

3) The traffic at the bottom of the log snippet to UDP ports 35095, 27434, etc. to our
broadcast address doesn't make any sense to me. Any suggestions?

Any enlightenment would be appreciated,

Glenn Gillis
Environmental Law Alliance Worldwide

UTC 10/05/2000 19:22:21.272 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:23:22.688 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:24:24.128 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:25:25.544 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:25:46.032 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:26:06.480 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:27:07.912 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:28:09.352 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:29:10.784 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:30:12.336 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:31:13.736 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:32:15.128 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:33:16.576 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:34:18.016 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:35:19.432 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:36:20.832 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:37:22.272 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:37:42.736 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:38:44.176 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:39:45.608 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:40:47.064 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:41:07.496 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:42:08.912 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:43:10.384 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:44:11.768 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:45:13.208 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:46:14.640 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:47:16.080 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:48:17.496 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:49:18.912 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:50:20.352 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:51:21.752 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:52:23.224 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:53:24.608 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:54:26.064 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:55:27.496 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:56:28.896 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:57:30.352 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:58:31.768 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 19:59:33.192 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:00:34.624 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:01:36.080 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:02:37.464 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:03:38.896 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:04:40.384 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:05:41.736 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:06:43.208 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:07:44.608 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:08:46.064 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:09:47.480 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:13:12.240 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:14:13.656 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:15:15.080 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:16:16.528 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:17:18.816 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:18:20.256 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:19:01.240 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:20:02.624 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:21:04.080 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:22:05.480 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:23:06.880 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:24:08.352 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/05/2000 20:25:09.768 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/06/2000 13:43:10.688 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/06/2000 13:44:12.480 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/06/2000 13:45:14.480 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/06/2000 13:46:16.224 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/06/2000 13:48:42.160 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/06/2000 13:49:02.592 -   UDP packet dropped -    Source:216.34.65.93, 25713, WAN -       
Destination:216.36.12.255, 35095, LAN -          -      Rule 17
UTC 10/06/2000 13:49:22.848 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/06/2000 13:49:23.016 -   UDP packet dropped -    Source:216.34.65.93, 63302, WAN -       
Destination:216.36.12.255, 111, LAN -   'Sun RPC' -     Rule 17
UTC 10/06/2000 13:49:43.272 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/06/2000 13:49:43.288 -   UDP packet dropped -    Source:216.34.65.93, 21790, WAN -       
Destination:216.36.12.255, 27434, LAN -          -      Rule 17
UTC 10/06/2000 13:50:03.624 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/06/2000 13:50:03.640 -   UDP packet dropped -    Source:216.34.65.93, 2009, WAN -        
Destination:216.36.12.255, 54519, LAN -          -      Rule 17
UTC 10/06/2000 13:51:26.000 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/06/2000 13:51:26.000 -   UDP packet dropped -    Source:216.34.65.93, 24748, WAN -       
Destination:216.36.12.255, 59288, LAN -          -      Rule 17
UTC 10/06/2000 13:51:46.080 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/06/2000 13:51:46.080 -   UDP packet dropped -    Source:216.34.65.93, 47437, WAN -       
Destination:216.36.12.255, 32939, LAN -          -      Rule 17
UTC 10/06/2000 13:52:06.496 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN 
-        'Ping' -        Rule 8
UTC 10/06/2000 13:52:06.496 -   UDP packet dropped -    Source:216.34.65.93, 5910, WAN -        
Destination:216.36.12.255, 43757, LAN -          -      Rule 17
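
An added example, not part of the original post: a small Python parser for the firewall log layout shown above. It rejoins the wrapped records and summarizes the traffic aimed at the subnet broadcast address (sources, echo-request count and spacing, UDP destination ports). The /24 prefix and the reading of the second Source field as the ICMP type are assumptions; the function names are illustrative.

```python
import re
from datetime import datetime
from ipaddress import ip_network
from statistics import median

SUBNET = "216.36.12.0/24"  # assumed prefix; the post gives only the broadcast address
SAMPLE = """\
UTC 10/06/2000 13:49:22.848 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN
-        'Ping' -        Rule 8
UTC 10/06/2000 13:49:23.016 -   UDP packet dropped -    Source:216.34.65.93, 63302, WAN -
Destination:216.36.12.255, 111, LAN -   'Sun RPC' -     Rule 17
UTC 10/06/2000 13:49:43.272 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN
-        'Ping' -        Rule 8
UTC 10/06/2000 13:49:43.288 -   UDP packet dropped -    Source:216.34.65.93, 21790, WAN -
Destination:216.36.12.255, 27434, LAN -          -      Rule 17
UTC 10/06/2000 13:50:03.624 -   ICMP packet dropped -   Source:216.34.65.93, 8, WAN -   Destination:216.36.12.255, LAN
-        'Ping' -        Rule 8
"""  # records copied from the log above, wrapped as the archive shows them

REC = re.compile(  # second Source field: UDP source port or (assumed) ICMP type
    r"UTC (?P<ts>\S+ \S+) -\s+(?P<proto>\w+) packet dropped -\s+"
    r"Source:(?P<src>[\d.]+), (?P<sval>\d+), WAN -\s+"
    r"Destination:(?P<dst>[\d.]+),(?: (?P<dport>\d+),)? LAN")

def parse(text):
    """Rejoin wrapped records, then return one dict per dropped packet."""
    joined = []
    for line in text.splitlines():
        if line.startswith("UTC "):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += " " + line.strip()   # continuation of the previous record
    return [{**m.groupdict(), "ts": datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S.%f")}
            for m in filter(None, map(REC.match, joined))]

def broadcast_summary(records, subnet=SUBNET):
    """Summarize dropped packets whose destination is the subnet broadcast address."""
    bcast = str(ip_network(subnet).broadcast_address)
    hits = [r for r in records if r["dst"] == bcast]
    echo = sorted(r["ts"] for r in hits if r["proto"] == "ICMP" and r["sval"] == "8")
    gaps = [(b - a).total_seconds() for a, b in zip(echo, echo[1:])]
    return {
        "sources": sorted({r["src"] for r in hits}),
        "echo_count": len(echo),                         # ICMP type 8 = echo request
        "median_gap_s": median(gaps) if gaps else None,  # spacing between echo requests
        "udp_ports": sorted(int(r["dport"]) for r in hits if r["proto"] == "UDP"),
    }
```

Run over the full log, the same two functions report how many distinct sources are involved and whether the echo requests arrive at flood volume or at a slow, regular interval.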

