Security Incidents mailing list archives

ICMP-ECHO/TCP-ECHO Flood attacks


From: Dirk Meyer <dirk.meyer () DINOEX SUB ORG>
Date: Wed, 6 Sep 2000 05:35:02 +0200

I logged a lot of flooding from this network.
It looks like a Denial-of-Service attempt to me.
They try to reach every host on the network
via the broadcast addresses.

Blocking alone does not seem to help.
Anyone suffer similar attacks?

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany

======= Analysis =======

inetnum:     195.222.32.0 - 195.222.63.255
netname:     BA-BIHNET-970730
descr:       Provider Local Registry

======= Log, times in CEST (GMT+2) =======

Sep  6 02:02:51 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep  6 02:02:51 UDP 195.222.63.185:26224 194.45.71.0:7 in
Sep  6 02:02:51 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep  6 02:02:51 UDP 195.222.63.185:18214 194.45.71.255:7 in
Sep  6 02:03:12 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep  6 02:03:12 UDP 195.222.63.185:23744 194.45.71.0:7 in
Sep  6 02:03:12 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep  6 02:03:12 UDP 195.222.63.185:18118 194.45.71.255:7 in
Sep  6 02:03:32 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep  6 02:03:32 UDP 195.222.63.185:4303 194.45.71.0:7 in
Sep  6 02:03:32 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep  6 02:03:32 UDP 195.222.63.185:4390 194.45.71.255:7 in
Sep  6 02:03:53 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep  6 02:03:53 UDP 195.222.63.185:671 194.45.71.0:7 in
Sep  6 02:03:53 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep  6 02:03:53 UDP 195.222.63.185:9798 194.45.71.255:7 in
[....]
continued over hours ...
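
The pattern in the log above (ICMP echo requests and UDP datagrams to the echo port 7, both sent to the .0 and .255 addresses) can be pulled out of a log in this format per source address. This is an added example, not part of the original post; the /24 prefix length, the function names and the last sample line are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the protected network is a /24; the post does not state the prefix length.
LOCAL_NET = ipaddress.ip_network("194.45.71.0/24")

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) "
    r"(?P<proto>ICMP:(?P<itype>\d+)\.(?P<icode>\d+)|UDP) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? (?P<dir>in|out)$"
)

# First six lines are taken from the post; the last one is constructed benign traffic.
SAMPLE_LOG = """\
Sep  6 02:02:51 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep  6 02:02:51 UDP 195.222.63.185:26224 194.45.71.0:7 in
Sep  6 02:02:51 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep  6 02:02:51 UDP 195.222.63.185:18214 194.45.71.255:7 in
Sep  6 02:03:12 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep  6 02:03:12 UDP 195.222.63.185:23744 194.45.71.0:7 in
Sep  6 02:03:20 UDP 192.0.2.10:40000 194.45.71.5:53 in
"""

def is_echo_probe(m):
    """ICMP echo request (type 8, code 0) or UDP to the echo service (port 7)."""
    if m["proto"] == "UDP":
        return m["dport"] == "7"
    return m["itype"] == "8" and m["icode"] == "0"

def broadcast_echo_sources(log_text, net=LOCAL_NET):
    """Count inbound echo traffic per source aimed at net's network/broadcast address."""
    directed = {net.network_address, net.broadcast_address}
    hits = defaultdict(lambda: {"icmp": 0, "udp": 0, "targets": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dir"] != "in" or not is_echo_probe(m):
            continue  # unparsable line, outbound packet, or not echo traffic
        dst = ipaddress.ip_address(m["dst"])
        if dst in directed:
            entry = hits[m["src"]]
            entry["udp" if m["proto"] == "UDP" else "icmp"] += 1
            entry["targets"].add(str(dst))
    return dict(hits)

if __name__ == "__main__":
    for src, info in broadcast_echo_sources(SAMPLE_LOG).items():
        print(src, info["icmp"], info["udp"], sorted(info["targets"]))
```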

