Re: Huge outgoing ICMP flows

From: Soeren Ziehe (robintonat_private)
Date: Fri Jun 15 2001 - 03:45:00 PDT

Next message: Robert G. Ferrell: "Re: Huge outgoing ICMP flows"

Previous message: James Cox: "RE: grc attacks"
In reply to: Vangelis Haniotakis: "Huge outgoing ICMP flows"
Next in thread: Robert G. Ferrell: "Re: Huge outgoing ICMP flows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In article <Pine.LNX.4.33L2.0106131355060.701-100000at_private> [13 Jun 01]
   Chris Ess  <azarinat_private> wrote:

> But type=0, code=0 (or is it the other way round?) is a ping.  If
> I'm interpreting your table correctly, there are 6,575 pings
> registered from one host and 5,735 from another.  So, yes, it is
> possible that these machines are being used for an ICMP ping DoS
> (AKA smurf attack).

It couls also be that these maschines are "infected" with a trojan and  
are part of a DDOS (e.g. part of a "bot net").
I'd recommend further investigation.

Robinton

-- 
Keyboard not found. Please press a key to continue...

Next message: Robert G. Ferrell: "Re: Huge outgoing ICMP flows"
Previous message: James Cox: "RE: grc attacks"
In reply to: Vangelis Haniotakis: "Huge outgoing ICMP flows"
Next in thread: Robert G. Ferrell: "Re: Huge outgoing ICMP flows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 15 2001 - 16:44:05 PDT