DDoS help!

From: Sebastian Ip (9sckiat_private)
Date: Sat Jan 26 2002 - 10:06:46 PST

Next message: Mark Symonds: "Honeypot challenge you've probably already heard about"

Previous message: Nick FitzGerald: "Re: Odd string in packet..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear bugtraq

I am under a bit of a icmp flood right now. And i really would like to hear 
what more experienced people have ot say about this.

I am actually experiencing nothing significant 

tcpdump shows this:
 12:59:34.427801 < port90.ds1-vj.adsl.cybercity.dk > 
d226-19-71.home.cgocable.net: icmp: echo request (frag 44560:1480@0+)
12:59:34.427801 > d226-19-71.home.cgocable.net > 
ct299951-b.edgewd1.ky.home.com: (frag 43565:1480@50320+)
12:59:34.427801 > d226-19-71.home.cgocable.net > 
ct299951-b.edgewd1.ky.home.com: (frag 43565:1480@51800+)
12:59:34.427801 > d226-19-71.home.cgocable.net > 
ct299951-b.edgewd1.ky.home.com: (frag 43565:1480@53280+)
12:59:34.427801 > d226-19-71.home.cgocable.net > 
ct299951-b.edgewd1.ky.home.com: (frag 43565:1480@54760+)
12:59:34.427801 > d226-19-71.home.cgocable.net > 
ct299951-b.edgewd1.ky.home.com: (frag 43565:1480@56240+)
12:59:34.437800 > d226-19-71.home.cgocable.net > 
ct299951-b.edgewd1.ky.home.com: (frag 43565:1480@57720+)
12:59:34.437800 > d226-19-71.home.cgocable.net > 
ct299951-b.edgewd1.ky.home.com: (frag 43565:1480@59200+)
12:59:34.437800 > d226-19-71.home.cgocable.net > 
ct299951-b.edgewd1.ky.home.com: (frag 43565:1480@60680+)
12:59:34.437800 > d226-19-71.home.cgocable.net > 
ct299951-b.edgewd1.ky.home.com: (frag 43565:1480@62160+)
12:59:34.437800 > d226-19-71.home.cgocable.net > 
ct299951-b.edgewd1.ky.home.com: (frag 43565:368@63640)
12:59:34.457799 < port90.ds1-vj.adsl.cybercity.dk > 
d226-19-71.home.cgocable.net: (frag 44560:1480@1480+)
12:59:34.477797 < port90.ds1-vj.adsl.cybercity.dk > 
d226-19-71.home.cgocable.net: (frag 44560:1480@2960+)
12:59:34.507795 < port90.ds1-vj.adsl.cybercity.dk > 
d226-19-71.home.cgocable.net: (frag 44560:1480@4440+)
12:59:34.537793 < port90.ds1-vj.adsl.cybercity.dk > 
d226-19-71.home.cgocable.net: (frag 44560:1480@5920+)
12:59:34.557791 < port90.ds1-vj.adsl.cybercity.dk > 
d226-19-71.home.cgocable.net: (frag 44560:1480@7400+)
12:59:34.587789 < port90.ds1-vj.adsl.cybercity.dk > 
d226-19-71.home.cgocable.net: (frag 44560:1480@8880+)
12:59:34.617787 < port90.ds1-vj.adsl.cybercity.dk > 
d226-19-71.home.cgocable.net: (frag 44560:1480@10360+)
12:59:35.087752 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
icmp: echo request (frag 58961:1480@0+)
12:59:35.267739 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@1480+)
12:59:35.317735 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@2960+)
12:59:35.377731 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@4440+)
12:59:35.467724 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@5920+)
12:59:35.557717 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@7400+)
12:59:35.657710 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@8880+)
12:59:35.747703 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@10360+)
12:59:35.847696 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@11840+)
12:59:35.937689 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@13320+)
12:59:35.947689 < 12-248-194-107.client.attbi.com > 
d226-19-71.home.cgocable.net: icmp: echo request (frag 56714:1480@0+)
12:59:35.957688 < 12-248-194-107.client.attbi.com > 
d226-19-71.home.cgocable.net: (frag 56714:1480@1480+)
12:59:35.977687 < 12-248-194-107.client.attbi.com > 
d226-19-71.home.cgocable.net: (frag 56714:1480@2960+)
12:59:35.987686 < 12-248-194-107.client.attbi.com > 
d226-19-71.home.cgocable.net: (frag 56714:1480@4440+)
12:59:35.997685 < 12-248-194-107.client.attbi.com > 
d226-19-71.home.cgocable.net: (frag 56714:1480@5920+)
12:59:36.037682 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@14800+)
12:59:36.127675 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@16280+)
12:59:36.217669 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@17760+)
12:59:36.317661 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@19240+)
12:59:36.407655 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@20720+)
12:59:36.507647 < D5E02291.kabel.telenet.be > d226-19-71.home.cgocable.net: 
(frag 58961:1480@22200+)

It seems that the icmp echo request causes my machine to generate a bunch of 
icmp packets at another host!

What's going on?

Thanks

Sebastian Ip

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Mark Symonds: "Honeypot challenge you've probably already heard about"
Previous message: Nick FitzGerald: "Re: Odd string in packet..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jan 27 2002 - 20:01:29 PST