Security Incidents mailing list archives

ICMP attack in progress?


From: rgg () SOLARIUM CS BUAP MX (Lic. Rodolfo Gonzalez Gonzalez)
Date: Thu, 25 May 2000 12:37:08 -0500


Hi there, I'm getting these packages, I guess it's an ICMP DoS attack:

13:34:59.370266 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 219, id 1045)
13:34:59.370594 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 213, id 1045)
13:34:59.370919 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 217, id 1045)
13:34:59.371215 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 213, id 1045)

And so on, over and over, and also coming from these addresses
(spoofed?):

Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
DENY       all  ----l-  212.41.223.98        anywhere              n/a
DENY       all  ----l-  a-bl6-3.tin.it       anywhere              n/a
DENY       all  ----l-  ppp-151-27-128-14.151-27.libero.it anywhere
DENY       all  ----l-  www.tiscalinet.it    anywhere              n/a
DENY       all  ----l-  fastmail.it          anywhere              n/a
DENY       all  ----l-  ppp-151-27-129-197.151-27.libero.it anywhere
DENY       all  ----l-  ppp-151-27-129-197.151-27.libero.it anywhere
DENY       all  ----l-  a-mc4-42.tin.it      anywhere              n/a

And in general from the 151.27.xxx.xxx and 212.xxx.xxx.xxx nets. Any
comments?

Regards,
Rodolfo.

