Security Incidents mailing list archives
Smurf attack?
From: Glenn Gillis <glenn () ELAW ORG>
Date: Fri, 6 Oct 2000 11:02:40 -0700
Over the past few days our firewall has been logging a large number of dropped pings to our subnet broadcast address. A few questions to the list: 1) Should I consider this a smurf attack, and if so what is the appropriate reaction on my part? I assume the source address is likely spoofed? So notifying the upstream provider (exodus.net) would seem to be a waste of time. Should I just notify my ISP? 2) Speaking of my ISP, shouldn't they be blocking IP-directed broadcasts? 3) The traffic at the bottom of the log snippet to UDP ports 35095, 27434, etc. to our broadcast address don't make any sense to me. Any suggestions? Any enlightenment would be appreciated, Glenn Gillis Environmental Law Alliance Worldwide UTC 10/05/2000 19:22:21.272 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:23:22.688 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:24:24.128 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:25:25.544 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:25:46.032 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:26:06.480 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:27:07.912 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:28:09.352 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:29:10.784 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:30:12.336 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:31:13.736 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:32:15.128 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:33:16.576 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:34:18.016 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:35:19.432 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:36:20.832 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:37:22.272 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:37:42.736 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:38:44.176 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:39:45.608 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:40:47.064 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:41:07.496 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:42:08.912 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:43:10.384 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:44:11.768 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:45:13.208 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:46:14.640 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:47:16.080 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:48:17.496 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:49:18.912 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:50:20.352 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:51:21.752 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:52:23.224 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:53:24.608 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:54:26.064 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:55:27.496 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:56:28.896 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:57:30.352 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:58:31.768 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 19:59:33.192 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:00:34.624 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:01:36.080 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:02:37.464 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:03:38.896 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:04:40.384 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:05:41.736 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:06:43.208 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:07:44.608 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:08:46.064 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:09:47.480 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:13:12.240 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:14:13.656 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:15:15.080 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:16:16.528 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:17:18.816 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:18:20.256 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:19:01.240 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:20:02.624 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:21:04.080 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:22:05.480 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:23:06.880 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:24:08.352 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/05/2000 20:25:09.768 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/06/2000 13:43:10.688 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/06/2000 13:44:12.480 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/06/2000 13:45:14.480 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/06/2000 13:46:16.224 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/06/2000 13:48:42.160 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/06/2000 13:49:02.592 - UDP packet dropped - Source:216.34.65.93, 25713, WAN - Destination:216.36.12.255, 35095, LAN - - Rule 17 UTC 10/06/2000 13:49:22.848 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/06/2000 13:49:23.016 - UDP packet dropped - Source:216.34.65.93, 63302, WAN - Destination:216.36.12.255, 111, LAN - 'Sun RPC' - Rule 17 UTC 10/06/2000 13:49:43.272 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/06/2000 13:49:43.288 - UDP packet dropped - Source:216.34.65.93, 21790, WAN - Destination:216.36.12.255, 27434, LAN - - Rule 17 UTC 10/06/2000 13:50:03.624 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/06/2000 13:50:03.640 - UDP packet dropped - Source:216.34.65.93, 2009, WAN - Destination:216.36.12.255, 54519, LAN - - Rule 17 UTC 10/06/2000 13:51:26.000 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/06/2000 13:51:26.000 - UDP packet dropped - Source:216.34.65.93, 24748, WAN - Destination:216.36.12.255, 59288, LAN - - Rule 17 UTC 10/06/2000 13:51:46.080 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/06/2000 13:51:46.080 - UDP packet dropped - Source:216.34.65.93, 47437, WAN - Destination:216.36.12.255, 32939, LAN - - Rule 17 UTC 10/06/2000 13:52:06.496 - ICMP packet dropped - Source:216.34.65.93, 8, WAN - Destination:216.36.12.255, LAN - 'Ping' - Rule 8 UTC 10/06/2000 13:52:06.496 - UDP packet dropped - Source:216.34.65.93, 5910, WAN - Destination:216.36.12.255, 43757, LAN - - Rule 17
Current thread:
- Smurf attack? Glenn Gillis (Oct 08)
- Re: Smurf attack? Ryan Russell (Oct 10)