Security Incidents mailing list archives

8 hours of pinging


From: michael_p_foley () GROTON PFIZER COM (Foley, Michael P)
Date: Wed, 22 Mar 2000 14:26:13 -0500


Mar 11 2000 | 04:01:38 | Echo reply without request | 152.170.185.201 | 98AAB9C9.ipt.aol.com
Mar 11 2000 | 04:01:32 | Echo reply without request | 207.161.125.17 | GYPSY
Mar 11 2000 | 04:01:31 | Echo reply without request | 169.233.5.57 | cm-d0313.resnet.ucsc.edu
Mar 11 2000 | 04:01:26 | Echo reply without request | 206.191.63.241 | port-2-241.magma.ca
Mar 11 2000 | 04:01:26 | Echo reply without request | 24.3.193.159 | cc1012526-a.mdltwn1.nj.home.com
Mar 11 2000 | 04:01:25 | Echo reply without request | 24.15.161.50 | c615149-a.elnsng1.mi.home.com
Mar 11 2000 | 04:01:24 | Echo reply without request | 150.199.187.153 | SPSWEBWS
Mar 11 2000 | 04:01:21 | Echo reply without request | 24.124.54.231 | OEMCOMPUTER
Mar 11 2000 | 04:01:20 | Echo reply without request | 152.168.240.154 | 98A8F09A.ipt.aol.com
Mar 11 2000 | 04:01:16 | Echo reply without request | 208.236.173.131 | s339.intercom.net
Mar 11 2000 | 04:01:12 | Echo reply without request | 24.7.129.167 | c469687-a.salem1.or.home.com
Mar 11 2000 | 04:01:09 | Echo reply without request | 128.223.185.154 | OEMCOMPUTER2
Mar 11 2000 | 04:01:07 | Echo reply without request | 24.12.120.85 | cg928823-a.adubn1.nj.home.com
Mar 11 2000 | 04:01:05 | Echo reply without request | 24.112.210.85 | cr487426-a.yec1.on.wave.home.com
Mar 11 2000 | 04:01:02 | Echo reply without request | 151.204.197.80 | DEFAULT
Mar 11 2000 | 04:01:00 | Echo reply without request | 24.200.181.108 | DOSSIERSYSTEME
Mar 11 2000 | 04:00:58 | Echo reply without request | 149.99.21.70 | spc-isp-tor-58-22-70.sprint.ca
Mar 11 2000 | 04:00:56 | Echo reply without request | 152.171.225.204 | 98ABE1CC.ipt.aol.com

I have seen this happen with Napster running on my machine.  Below is a copy
of a log entry (Captured by BlackIce) while running Napster.

Mar 12 2000 | 18:24:13 | Echo reply without request | 171.209.28.47 | MARKCUNN

A full list of the log file can be seen at
http://www.members.home.com/tragic101/icelog/log.html
This list is updated in real time as attacks occur.

-mike

On 20 Mar 2000, at 9:20, Jim Lindstrom wrote:

I have a machine on the @Home network whose logs I monitor in
real-time.  Last night from 12:40am to about 8:35am (Central Standard US
time), the machine was continuously pinged, at a rate of 5 to 10 times
per minute, from machines all over the world.  I don't think this was
intended as a DDoS, due to the low rate of firings, but what else could
this have been?
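
As an added example (not part of either poster's message), this sketch summarizes log rows in the pipe-delimited layout of the BlackIce entry quoted above, giving the per-minute rate and spread of sources for the "Echo reply without request" event. The sample rows are constructed, use documentation-range addresses, and the `parse` and `summarize` names are hypothetical.

```python
from collections import Counter
from datetime import datetime

# Constructed sample in the layout "date | time | event | source IP | name";
# the addresses and host names are placeholders, not values from the thread.
SAMPLE = """\
Mar 11 2000 | 04:00:56 | Echo reply without request | 192.0.2.10 | HOSTA
Mar 11 2000 | 04:00:58 | Echo reply without request | 198.51.100.7 | HOSTB
Mar 11 2000 | 04:01:00 | Echo reply without request | 203.0.113.5 | HOSTC
Mar 11 2000 | 04:01:02 | Echo reply without request | 192.0.2.44 | HOSTD
Mar 11 2000 | 04:01:05 | TCP port probe | 192.0.2.99 | HOSTE
Mar 11 2000 | 04:01:07 | Echo reply without request | 192.0.2.10 | HOSTA
not a log line
"""

def parse(text):
    """Yield (timestamp, event, source_ip, name) for each well-formed row."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) < 4:
            continue  # blank line, wrapped host name, or other non-row text
        try:
            ts = datetime.strptime(f"{fields[0]} {fields[1]}", "%b %d %Y %H:%M:%S")
        except ValueError:
            continue  # first two fields are not a date and time
        name = fields[4] if len(fields) > 4 else ""
        yield ts, fields[2], fields[3], name

def summarize(text, event="Echo reply without request"):
    """Count one event type per minute and per source address."""
    per_minute, per_source = Counter(), Counter()
    for ts, ev, ip, _name in parse(text):
        if ev != event:
            continue
        per_minute[ts.replace(second=0)] += 1
        per_source[ip] += 1
    return {
        "events": sum(per_source.values()),
        "sources": len(per_source),
        "peak_per_minute": max(per_minute.values(), default=0),
        # Sources seen more than once; a long list of one-off senders
        # looks different from a few hosts repeating.
        "repeat_sources": sorted(ip for ip, n in per_source.items() if n > 1),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```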

