Security Incidents mailing list archives
8 hours of pinging
From: michael_p_foley () GROTON PFIZER COM (Foley, Michael P)
Date: Wed, 22 Mar 2000 14:26:13 -0500
Mar 11 2000 04:01:38 Echo reply without request 152.170.185.201 98AAB9C9.ipt.aol.com Mar 11 2000 04:01:32 Echo reply without request 207.161.125.17 GYPSY Mar 11 2000 04:01:31 Echo reply without request 169.233.5.57 cm-d0313.resnet.ucsc.edu Mar 11 2000 04:01:26 Echo reply without request 206.191.63.241 port-2-241.magma.ca Mar 11 2000 04:01:26 Echo reply without request 24.3.193.159 cc1012526-a.mdltwn1.nj.home.com Mar 11 2000 04:01:25 Echo reply without request 24.15.161.50 c615149-a.elnsng1.mi.home.com Mar 11 2000 04:01:24 Echo reply without request 150.199.187.153 SPSWEBWS Mar 11 2000 04:01:21 Echo reply without request 24.124.54.231 OEMCOMPUTER Mar 11 2000 04:01:20 Echo reply without request 152.168.240.154 98A8F09A.ipt.aol.com Mar 11 2000 04:01:16 Echo reply without request 208.236.173.131 s339.intercom.net Mar 11 2000 04:01:12 Echo reply without request 24.7.129.167 c469687-a.salem1.or.home.com Mar 11 2000 04:01:09 Echo reply without request 128.223.185.154 OEMCOMPUTER2 Mar 11 2000 04:01:07 Echo reply without request 24.12.120.85 cg928823-a.adubn1.nj.home.com Mar 11 2000 04:01:05 Echo reply without request 24.112.210.85 cr487426-a.yec1.on.wave.home.com Mar 11 2000 04:01:02 Echo reply without request 151.204.197.80 DEFAULT Mar 11 2000 04:01:00 Echo reply without request 24.200.181.108 DOSSIERSYSTEME Mar 11 2000 04:00:58 Echo reply without request 149.99.21.70 spc-isp-tor-58-22-70.sprint.ca Mar 11 2000 04:00:56 Echo reply without request 152.171.225.204 98ABE1CC.ipt.aol.com I have seen this happen with Napster running on my machine. Below is a copy of a log entry (Captured by BlackIce) while running Napster. Mar 12 2000 | 18:24:13 | Echo reply without request | 171.209.28.47 | MARKCUNN A full list of the log file can be seen at http://www.members.home.com/tragic101/icelog/log.html this list is updated in realtime as attacks occur. -mike On 20 Mar 2000, at 9:20, Jim Lindstrom wrote:
I have a machine on the @Home network whose logs I monitor in real-time. Last night from 12:40am to about 8:35am (central standard us time), the machine was continously pinged, at a rate of 5 to 10 times per minute, from machines all over the world. I don't think this was intended as a DDoS, due to the low rate of firings, but what else could this have been?
Current thread:
- Generic checksums (MD5 DB) Ville (Mar 17)
- 8 hours of pinging Jim Lindstrom (Mar 20)
- Re: 8 hours of pinging Rick Ballard (Mar 21)
- Re: 8 hours of pinging Robert Graham (Mar 21)
- Re: 8 hours of pinging Bob Fayne (Mar 22)
- Re: 8 hours of pinging Jim Lindstrom (Mar 22)
- 8 hours of pinging Foley, Michael P (Mar 22)
- Re: 8 hours of pinging Mike A. Harris (Mar 24)
- Re: Generic checksums (MD5 DB) Filip M. Gieszczykiewicz (Mar 20)
- <Possible follow-ups>
- Re: Generic checksums (MD5 DB) Jon Burdge (Mar 21)
- Re: Generic checksums (MD5 DB) Thomas J. Kluegel (Mar 21)
- 8 hours of pinging Jim Lindstrom (Mar 20)