Security Basics mailing list archives
RE: Ping Cyberkit 2.2
From: "Ian Kennedy" <ian.kennedy () systemc com>
Date: Mon, 15 Sep 2003 16:09:04 +0100
I too had the same problem and found my hard disc space shrinking and queries to the logs sluggish. This link to the Smoothwall forums explains how to remove the log entries and ignore any future hits:

http://community.smoothwall.org/forum/viewtopic.php?t=1003&highlight=icmp

Ian

-----Original Message-----
From: Karma [mailto:steve () frij com]
Sent: 12 September 2003 23:59
To: Dr Aldo Medina; security-basics () securityfocus com
Subject: Re: Ping Cyberkit 2.2

The ICMP packets from Nachi/Welchia resemble the Cyberkit packets with 64 (?) hexadecimal 'aa' as the content. If that is the case, I wouldn't be worried. The sources are mostly spoofed, but mostly class B

regards
Steve

----- Original Message -----
From: "Dr Aldo Medina" <aldomedina () hotpop com>
To: <security-basics () securityfocus com>
Sent: Friday, September 12, 2003 12:12 PM
Subject: Ping Cyberkit 2.2

For about a week, my snort logs have been full of messages like this:

Sep 6 12:27:56 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.132.194 -> 200.95.123.16
Sep 6 12:29:23 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.66.113 -> 200.95.123.16
Sep 6 12:31:24 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.132.65 -> 200.95.123.16
Sep 6 12:39:01 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.21.229 -> 200.95.123.16
Sep 6 12:41:52 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.132.88 -> 200.95.123.16
Sep 6 12:45:33 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.132.131 -> 200.95.123.16
Sep 6 12:48:14 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.129.36 -> 200.95.123.16
Sep 6 12:51:10 linuxserver snort: [1:483:2] ICMP PING CyberKit 2.2 Windows [Classification: Misc activity] [Priority: 3]: {ICMP} 200.95.33.116 -> 200.95.123.16

Running Linux Debian Woody. Should I be worried?

TIA.
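A triage sketch for the alert flood discussed in this thread, added here as an example and not taken from any of the posters: it parses Snort syslog alerts in the format quoted above (including entries run together without a line break), keeps only SID 483, and counts sources per class B (/16) and how many share the pinged host's /16. The function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Syslog form of a Snort alert, as quoted in the thread.
ALERT = re.compile(
    r"snort: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"\[Classification: [^\]]*\] \[Priority: \d+\]: "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+) -> (?P<dst>[\d.]+)"
)

def parse_alerts(text, sid=483):
    """Return (src, dst) address pairs for every alert with the given SID.

    finditer() is used instead of splitting on newlines, so entries that a
    logger or archive ran together on one line are still found.
    """
    return [(ip_address(m["src"]), ip_address(m["dst"]))
            for m in ALERT.finditer(text) if int(m["sid"]) == sid]

def summarize(pairs, prefix=16):
    """Count alerts per source network and sources local to the target."""
    net = lambda ip: ip_network(f"{ip}/{prefix}", strict=False)
    return {
        "alerts": len(pairs),
        "sources": len({src for src, _ in pairs}),
        "networks": Counter(net(src) for src, _ in pairs),
        "same_net_as_dst": sum(1 for src, dst in pairs if src in net(dst)),
    }

# Constructed sample (private addresses, not the poster's data).
_T = ("Sep  6 12:{:02d}:00 host snort: [1:{}:2] {} [Classification: Misc "
      "activity] [Priority: 3]: {{ICMP}} {} -> 10.20.123.16")
_MSG = "ICMP PING CyberKit 2.2 Windows"
SAMPLE = "\n".join([
    _T.format(27, 483, _MSG, "10.20.132.194"),
    # two entries run together with no newline between them
    _T.format(29, 483, _MSG, "10.20.66.113") + _T.format(31, 483, _MSG, "10.20.132.194"),
    _T.format(33, 1000001, "constructed local rule", "10.20.5.5"),  # other SID
    _T.format(39, 483, _MSG, "172.16.9.9"),                          # other /16
])

if __name__ == "__main__":
    report = summarize(parse_alerts(SAMPLE))
    for network, count in report["networks"].most_common():
        print(f"{network}: {count} alerts")
    print(f"{report['same_net_as_dst']}/{report['alerts']} from the target's own /16")
```

A high share of sources in the target's own /16 matches the "mostly class B" pattern described in the reply above.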
Current thread:
- Ping Cyberkit 2.2 Dr Aldo Medina (Sep 12)
- Re: Ping Cyberkit 2.2 Karma (Sep 15)
- RE: Ping Cyberkit 2.2 Ian Kennedy (Sep 15)
- Re: Ping Cyberkit 2.2 GSimmonds (Sep 15)
- <Possible follow-ups>
- RE: Ping Cyberkit 2.2 Ryan Belcher (Sep 12)
- Re: Ping Cyberkit 2.2 Karma (Sep 15)