Security Incidents mailing list archives
Re: Strange ping reply packets
From: Artur.Nowak-incidents () WODIP OPOLE PL (Artur Nowak)
Date: Sat, 12 Feb 2000 00:18:43 +0100
Arthur, I don't think the IP's are randomly generated.. Check out these addresses.. 212.151.36.6 [3,30] 128.210.131.189 [10,38] 129.82.96.191 [11,42] 209.166.140.96 [14,45] 203.134.57.37 [22,40] Those matches were found at the lines specified in your log. If you are seeing duplicate IP addresses more than 10 sec apart, some of those may be real. Is it possible this is legitimate traffic?
I check logs with traffic and found that icmp ping request' packets has been sent from my network. I don't know who was initiator of this trafic, but now all icmp packets going out are denied (only packets from network, not from firewall). Thanks all for help and answers. -- Artur Nowak ==> mail anowak-pgp () wodip opole pl for PGP pub_key e-mail : anowak () wodip opole pl || anowak () polo po opole pl www : www.wodip.opole.pl/~anowak/ || polo.po.opole.pl/~anowak/ PGP: 0x7BCE3064 | CF14 7AF4 2A1B 485E B0B5 1261 F7A1 26D5 7BCE 3064
Current thread:
- Re: Strange ping reply packets Pavel Aubuchon-Mendoza (Feb 10)
- <Possible follow-ups>
- Re: Strange ping reply packets Artur Nowak (Feb 11)