Security Incidents mailing list archives
ICMP-ECHO/TCP-ECHO Flood attacks
From: Dirk Meyer <dirk.meyer () DINOEX SUB ORG>
Date: Wed, 6 Sep 2000 05:35:02 +0200
I logged a lot of flooding from this network. It looks like a Denial-of-Service attempt to me. They try to reach every host on the network via the broadcast addresses. Blocking alone does not seem to help. Is anyone suffering similar attacks?

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany

======= Analysis =======
inetnum: 195.222.32.0 - 195.222.63.255
netname: BA-BIHNET-970730
descr: Provider Local Registry

======= Log, times in CEST (GMT+2) =======
Sep 6 02:02:51 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep 6 02:02:51 UDP 195.222.63.185:26224 194.45.71.0:7 in
Sep 6 02:02:51 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep 6 02:02:51 UDP 195.222.63.185:18214 194.45.71.255:7 in
Sep 6 02:03:12 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep 6 02:03:12 UDP 195.222.63.185:23744 194.45.71.0:7 in
Sep 6 02:03:12 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep 6 02:03:12 UDP 195.222.63.185:18118 194.45.71.255:7 in
Sep 6 02:03:32 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep 6 02:03:32 UDP 195.222.63.185:4303 194.45.71.0:7 in
Sep 6 02:03:32 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep 6 02:03:32 UDP 195.222.63.185:4390 194.45.71.255:7 in
Sep 6 02:03:53 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep 6 02:03:53 UDP 195.222.63.185:671 194.45.71.0:7 in
Sep 6 02:03:53 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep 6 02:03:53 UDP 195.222.63.185:9798 194.45.71.255:7 in
[....] continued over hours ...
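Added example, not part of the original post: a small detector for the pattern in the log above, flagging inbound ICMP echo requests and echo-service (port 7) packets addressed to the network or broadcast address. It assumes the protected range is 194.45.71.0/24 (inferred from the .0/.255 targets) and that "ICMP:8.0" means type 8, code 0; the names LOCAL_NET, classify and summarize are hypothetical, and the last two sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: protected network is a /24, inferred from the .0/.255 targets.
LOCAL_NET = ipaddress.ip_network("194.45.71.0/24")

# First four lines copied from the post; last two are constructed benign traffic.
SAMPLE_LOG = """\
Sep 6 02:02:51 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep 6 02:02:51 UDP 195.222.63.185:26224 194.45.71.0:7 in
Sep 6 02:02:51 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep 6 02:02:51 UDP 195.222.63.185:18214 194.45.71.255:7 in
Sep 6 02:04:10 ICMP:8.0 192.0.2.10 194.45.71.20 in
Sep 6 02:04:11 UDP 192.0.2.10:40000 194.45.71.20:53 in
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<proto>ICMP:\d+\.\d+|UDP|TCP)\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s+(?P<dir>in|out)$"
)

def classify(line, net=LOCAL_NET):
    """Return (src, dst, kind) for an inbound broadcast-directed echo probe, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m["dir"] != "in":
        return None
    dst = ipaddress.ip_address(m["dst"])
    # Only the all-zeros and all-ones host addresses reach "every host".
    if dst not in (net.network_address, net.broadcast_address):
        return None
    if m["proto"] == "ICMP:8.0":                      # echo request
        kind = "icmp-echo"
    elif m["proto"] in ("UDP", "TCP") and m["dport"] == "7":  # echo service
        kind = m["proto"].lower() + "-echo"
    else:
        return None
    return m["src"], str(dst), kind

def summarize(log_text, net=LOCAL_NET):
    """Count broadcast-directed echo probes per (source address, kind)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        hit = classify(line, net)
        if hit:
            counts[(hit[0], hit[2])] += 1
    return dict(counts)
```
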