Security Incidents mailing list archives
Re: [Snort-users] 13 instances of ping bsd
From: John Pettitt <jpp () CLOUDVIEW COM>
Date: Tue, 28 Nov 2000 13:45:10 -0800
I had the same thing yesterday:

Nov 27 18:36:48 gatekeeper snort[28923]: IDS152 - PING BSD: 208.185.109.130 -> 216.103.77.155
Nov 27 18:36:48 gatekeeper snort[28923]: IDS152 - PING BSD: 64.41.192.103 -> 216.103.77.155
Nov 27 18:36:48 gatekeeper snort[28923]: IDS152 - PING BSD: 207.235.98.194 -> 216.103.77.155
Nov 27 18:36:48 gatekeeper snort[28923]: IDS152 - PING BSD: 206.190.24.162 -> 216.103.77.155
Nov 27 18:36:48 gatekeeper snort[28923]: IDS152 - PING BSD: 63.140.72.3 -> 216.103.77.155
Nov 27 18:36:48 gatekeeper snort[28923]: IDS152 - PING BSD: 206.63.151.4 -> 216.103.77.155
Nov 27 18:36:49 gatekeeper snort[28923]: IDS152 - PING BSD: 64.67.26.194 -> 216.103.77.155
Nov 27 18:36:49 gatekeeper snort[28923]: IDS152 - PING BSD: 216.219.241.162 -> 216.103.77.155
Nov 27 18:36:49 gatekeeper snort[28923]: IDS152 - PING BSD: 208.185.54.14 -> 216.103.77.155
Nov 27 18:36:49 gatekeeper snort[28923]: IDS152 - PING BSD: 203.166.49.226 -> 216.103.77.155
Nov 27 18:36:50 gatekeeper snort[28923]: IDS152 - PING BSD: 200.194.68.4 -> 216.103.77.155
Nov 27 18:36:50 gatekeeper snort[28923]: IDS152 - PING BSD: 203.197.173.129 -> 216.103.77.155
Nov 27 18:36:50 gatekeeper snort[28923]: IDS152 - PING BSD: 202.54.111.72 -> 216.103.77.155

In fact yesterday was a busy day for this kind of stuff:

Nov 27 20:44:40 gatekeeper snort[28923]: MISC-WinGate-8080-Attempt: 24.162.235.165:3797 -> 216.103.77.155:8080
Nov 27 20:44:40 gatekeeper snort[28923]: MISC-WinGate-8080-Attempt: 24.162.235.165:3798 -> 216.103.77.156:8080
Nov 27 20:44:40 gatekeeper snort[28923]: MISC-WinGate-8080-Attempt: 24.162.235.165:3797 -> 216.103.77.155:8080
Nov 27 20:44:40 gatekeeper snort[28923]: MISC-WinGate-8080-Attempt: 24.162.235.165:3798 -> 216.103.77.156:8080
Nov 27 20:44:41 gatekeeper snort[28923]: MISC-WinGate-8080-Attempt: 24.162.235.165:3797 -> 216.103.77.155:8080
Nov 27 20:44:41 gatekeeper snort[28923]: MISC-WinGate-8080-Attempt: 24.162.235.165:3798 -> 216.103.77.156:8080
Nov 27 21:15:45 gatekeeper snort[28923]: IIS vti_inf access attempt: 63.74.117.66:11289 -> 216.103.77.155:80
Nov 27 21:15:47 gatekeeper snort[28923]: FrontPage-shtml.exe: 63.74.117.66:11290 -> 216.103.77.155:80
Nov 27 21:15:48 gatekeeper snort[28923]: IIS vti_inf access attempt: 63.74.117.66:11291 -> 216.103.77.155:80
Nov 27 21:15:49 gatekeeper snort[28923]: FrontPage-shtml.exe: 63.74.117.66:11292 -> 216.103.77.155:80
Nov 27 21:32:43 gatekeeper snort[28923]: IDS152 - PING BSD: 208.185.109.130 -> 216.103.77.155
Nov 27 21:32:43 gatekeeper snort[28923]: IDS152 - PING BSD: 63.251.235.226 -> 216.103.77.155
Nov 27 21:32:43 gatekeeper snort[28923]: IDS152 - PING BSD: 64.94.206.66 -> 216.103.77.155
Nov 27 21:32:43 gatekeeper snort[28923]: IDS152 - PING BSD: 216.52.110.66 -> 216.103.77.155
Nov 27 21:32:43 gatekeeper snort[28923]: IDS152 - PING BSD: 63.251.167.2 -> 216.103.77.155
Nov 27 21:32:43 gatekeeper snort[28923]: IDS152 - PING BSD: 63.251.120.2 -> 216.103.77.155
Nov 27 21:32:43 gatekeeper snort[28923]: IDS152 - PING BSD: 193.214.57.194 -> 216.103.77.155
Nov 27 21:32:44 gatekeeper snort[28923]: IDS152 - PING BSD: 212.73.220.2 -> 216.103.77.155
Nov 27 21:32:44 gatekeeper snort[28923]: IDS152 - PING BSD: 209.83.178.130 -> 216.103.77.155
Nov 27 21:32:44 gatekeeper snort[28923]: IDS152 - PING BSD: 63.209.37.11 -> 216.103.77.155
Nov 27 21:32:44 gatekeeper snort[28923]: IDS152 - PING BSD: 64.94.163.226 -> 216.103.77.155
Nov 27 21:32:45 gatekeeper snort[28923]: IDS152 - PING BSD: 63.251.159.2 -> 216.103.77.155
Nov 27 21:32:45 gatekeeper snort[28923]: IDS152 - PING BSD: 200.53.184.66 -> 216.103.77.155

At 06:51 AM 11/28/2000, Al Huger - Mail Account wrote:
Alfred Huger
VP Engineering
SecurityFocus.com

On Tue, 28 Nov 2000, Mark Rowlands wrote:

> [**] IDS152 - PING BSD [**]
> 11/27-22:49:21.777738 0:80:C8:56:FB:5 -> 0:10:4B:B6:F1:7B type:0x800 len:0x62
> 203.197.173.129 -> 62.5.7.17 ICMP TTL:56 TOS:0x0 ID:55074
> ID:23472 Seq:51862 ECHO
> 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
> 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
> 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
> 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>
> hi folks, got 13 of these within millisecs of each other all different IPs
> but apparently same mac address...... none of the addresses have shown up
> before or since. any thoughts?
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
>

I am not sure if this matches but Andre Kajita the exact same thing (well, not exactly but *really* close) and reported it to the Incidents list: http://www.securityfocus.com/archive/75/147134

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
http://lists.sourceforge.net/mailman/listinfo/snort-users
John Pettitt
Email: jpp () cloudview com
The 3 stages of man: He believes in Santa Claus. He doesn't believe in Santa Claus. He is Santa Claus.
PGP keys on MIT & pgp.com servers. Fingerprint: 81B5 446D 3E0E 1CDE 5A45 644A A744 54C4 7886 3658
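
Added example, not part of the original post or of Snort: a small Python triage script that parses syslog-format Snort alerts like the ones above and reports bursts where many distinct sources hit one destination with the same signature within seconds. The function names, the thresholds (`max_gap`, `min_sources`), the assumed year and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Syslog-style Snort alert: "<Mon DD HH:MM:SS> <host> snort[pid]: <sig>: <src>[:port] -> <dst>[:port]"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+snort\[\d+\]:\s+"
    r"(?P<sig>.+?):\s+(?P<src>\d+(?:\.\d+){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})(?::\d+)?$"
)

def parse(line, year=2000):
    """Return (timestamp, signature, src_ip, dst_ip) or None. Syslog has no year, so one is assumed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["sig"], m["src"], m["dst"]

def find_bursts(lines, max_gap=2, min_sources=5):
    """Group alerts by (signature, destination); report runs with many distinct sources."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        ts, sig, src, dst = rec
        events[(sig, dst)].append((ts, src))
    bursts = []
    for (sig, dst), evs in events.items():
        evs.sort()
        run = [evs[0]]
        for ev in evs[1:] + [None]:          # None flushes the final run
            if ev and ev[0] - run[-1][0] <= timedelta(seconds=max_gap):
                run.append(ev)
                continue
            sources = {src for _, src in run}
            if len(sources) >= min_sources:
                bursts.append({"sig": sig, "dst": dst, "start": run[0][0],
                               "events": len(run), "sources": len(sources)})
            if ev:
                run = [ev]
    return sorted(bursts, key=lambda b: b["start"])

# Constructed sample (documentation address ranges), same line format as the post.
SAMPLE = (
    [f"Nov 27 18:36:{48 + i // 2} gw snort[100]: IDS152 - PING BSD: 198.51.100.{i + 1} -> 192.0.2.10" for i in range(6)]
    + [f"Nov 27 20:44:4{i % 2} gw snort[100]: MISC-WinGate-8080-Attempt: 203.0.113.7:3797 -> 192.0.2.10:8080" for i in range(4)]
    + [f"Nov 27 21:32:{43 + i // 2} gw snort[100]: IDS152 - PING BSD: 203.0.113.{i + 21} -> 192.0.2.10" for i in range(5)]
)

if __name__ == "__main__":
    for b in find_bursts(SAMPLE):
        print(b["start"], b["sig"], "->", b["dst"], f'{b["events"]} alerts from {b["sources"]} sources')
```

The repeated single-source WinGate probes in the sample are deliberately not reported; only the multi-source ping bursts cross the `min_sources` threshold.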
Current thread:
- Re: [Snort-users] 13 instances of ping bsd John Pettitt (Nov 30)