Security Incidents mailing list archives
ICMP attack in progress?
From: rgg () SOLARIUM CS BUAP MX (Lic. Rodolfo Gonzalez Gonzalez)
Date: Thu, 25 May 2000 12:37:08 -0500
Hi there, I'm geting these packages, I guess it's an ICMP DoS attack: 13:34:59.370266 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 219, id 1045) 13:34:59.370594 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 213, id 1045) 13:34:59.370919 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 217, id 1045) 13:34:59.371215 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 213, id 1045) And soon, over and over, and also comming from these adrresses (spooffed?): Chain input (policy ACCEPT): target prot opt source destination ports DENY all ----l- 212.41.223.98 anywhere n/a DENY all ----l- a-bl6-3.tin.it anywhere n/a DENY all ----l- ppp-151-27-128-14.151-27.libero.it anywhere DENY all ----l- www.tiscalinet.it anywhere n/a DENY all ----l- fastmail.it anywhere n/a DENY all ----l- ppp-151-27-129-197.151-27.libero.it anywhere DENY all ----l- ppp-151-27-129-197.151-27.libero.it anywhere DENY all ----l- a-mc4-42.tin.it anywhere n/a And in general from the 151.27.xxx.xxx and 212.xxx.xxx.xxx nets. Any comments?. Regards, Rodolfo.
Current thread:
- Spoofed ICMP "destination unreachable" - DOS? Ken Eichman (May 22)
- Microsoft version.binding us now? Bill Marquette (May 26)
- New DoS attack Jeff Calvert (May 28)
- Re: Microsoft version.binding us now? Erich Meier (May 29)
- Re: Spoofed ICMP Richard Bejtlich (May 27)
- Re: Spoofed ICMP "destination unreachable" - DOS? Steve Reid (May 27)
- <Possible follow-ups>
- Re: Spoofed ICMP "destination unreachable" - DOS? Aussie (May 24)
- ICMP attack in progress? Lic. Rodolfo Gonzalez Gonzalez (May 25)
- Re: ICMP attack in progress? Crist J. Clark (May 25)
- Re: ICMP attack in progress? Jason Storm (May 26)
- afs3 exploit?? elijah wright (May 25)
- Strange Happenings @Home Fred Hirsch (May 30)
- AMDROCKS Jim Williams (May 25)
- Attacks on port 25 Vincent Lim (May 25)
- Re: Attacks on port 25 Ryan Russell (May 26)
- Re: Attacks on port 25 Bill Lavalette (May 28)
- Re: Attacks on port 25 RayW (May 29)
- ICMP attack in progress? Lic. Rodolfo Gonzalez Gonzalez (May 25)
- invalid icmp in linux? Eric LeBlanc (May 27)
- Microsoft version.binding us now? Bill Marquette (May 26)