Security Incidents mailing list archives

RE: Ping Scan

From: "Tulchinskiy, Sasha" <STulchinskiy () aspensys com>
Date: Mon, 17 Sep 2001 09:28:36 -0400

Frank,

I'm not sure if it is relevant to your situation, but I see a lot of these
when we run WebTrends - this tool tries to get titles of pages in "The most
accessed pages" reports. The same time my IDS reports "ICMP storm"...

Sasha.

-----Original Message-----
From: Frank Knobbe [mailto:FKnobbe () KnobbeITS com]
Sent: Monday, September 17, 2001 12:52 AM
To: incidents () securityfocus com
Subject: Ping Scan


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

can anyone identify following Ping Scan tool?

I usually get a few of those 'ICMP unreachables' (supposedly coming
some IP's that don't exist/don't have servers). However, over the
last few days I've seen a drastic increase. Anyone seeing the same?

Regards,
Frank


[**] Ping Scan [**]
09/14-21:42:32.798231 204.255.169.37 -> x.x.x.x
ICMP TTL:247 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:1  DESTINATION UNREACHABLE: HOST UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
x.x.x.x:23547 -> 202.46.194.5:32165
TCP TTL:188 TOS:0x8 ID:30922 IpLen:20 DgmLen:40
Seq: 0x74832EB6  Ack: 0x10BDC00C
** END OF DUMP
00 00 00 00 45 08 00 28 78 CA 40 00 BC 06 78 CA  ....E..(x.@...x.
xx xx xx xx CA 2E C2 05 5B FB 7D A5 74 83 2E B6  Aj......[.}.t...

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+=+

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME (X.509) encrypted email preferred.

iQA/AwUBO6WBaZytSsEygtEFEQL+4ACgy9+gy/XCiCGNj9+uffQOuiwsKusAn3bF
Fwl8Lkco5Mwsh9UJWA5UXjCY
=FT0J
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Ping Scan Frank Knobbe (Sep 16)
- RE: Ping Scan Fernando Cardoso (Sep 17)
- RE: Ping Scan Ofir Arkin (Sep 17)
- <Possible follow-ups>
- RE: Ping Scan Tulchinskiy, Sasha (Sep 17)
- RE: Ping Scan Frank Knobbe (Sep 17)
  - RE: Ping Scan Fernando Cardoso (Sep 17)