In-Reply-To: <3F411CBC.2020203at_private>

Upon reading this, I enabled logging of ping requests on my firewall. So far I've only seen three with len=92:

24.64.90.16 (Shaw Communications)
24.60.234.130 (Comcast, formerly attbi)
24.61.246.103 (Comcast, formerly attbi)

My IP is on Comcast, formerly attbi, on a 24.62 IP range. I also have some pings with len=60 but they look more like "normal" ICMP echo requests.

>Ken,
>We're seeing the same ICMP pattern.
>Is this from the blaster? We are looking into filtering ICMP echo
>request on our external routers.
>
>Here is a snip from our IDS,
>[**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**]
>[Classification: Misc activity] [Priority: 3]
>[Xref => http://www.whitehats.com/info/IDS154]
>Event ID: 179333 Event Reference: 0
>08/18/03-18:27:28.386411 65.83.120.72 -> xx.xx.xx.xx
>ICMP TTL:118 TOS:0x0 ID:21399 IpLen:20 DgmLen:92
>Type:8 Code:0 ID:2 Seq:61261 ECHO
>AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA ................
>AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA ................
>AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA ................
>AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA ................
>
>
>Thanks
>Daniel Williams
>Cedar Document Technologies
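The pattern in the quoted alert (IPv4 total length 92, ICMP type 8 code 0, payload filled with 0xAA) can be told apart from ordinary pings on raw packets. The sketch below is an added example, not part of either message; the function names, the documentation-range addresses and both sample packets are constructed for illustration.

```python
import struct

ICMP_ECHO_REQUEST = 8
PATTERN_TOTAL_LEN = 92   # DgmLen in the quoted alert
PATTERN_FILL = 0xAA      # payload byte in the quoted alert


def build_echo(payload, ident=2, seq=61261, ttl=118):
    """Build a constructed IPv4 + ICMP echo request (checksums left at 0)."""
    total = 20 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 21399, 0, ttl, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    return ip + icmp + payload


def classify(packet):
    """Return 'pattern', 'other-echo' or 'ignore' for one raw IPv4 packet."""
    if len(packet) < 20:
        return "ignore"
    ver_ihl, _, total_len, _, _, _, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4          # IP header length, options included
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 1:
        return "ignore"                 # not IPv4 / not ICMP
    if total_len > len(packet) or total_len < ihl + 8:
        return "ignore"                 # truncated capture or bogus length
    if packet[ihl] != ICMP_ECHO_REQUEST or packet[ihl + 1] != 0:
        return "ignore"                 # not an echo request
    payload = packet[ihl + 8:total_len]
    # Match on length AND fill byte: length alone would also flag any
    # unrelated tool that happens to send 64 data bytes.
    if total_len == PATTERN_TOTAL_LEN and payload and set(payload) == {PATTERN_FILL}:
        return "pattern"
    return "other-echo"


# Constructed samples: the 92-byte 0xAA-filled request from the alert, and a
# 60-byte request carrying the 32-byte alphabet payload of the Windows ping tool.
SAMPLE_PATTERN = build_echo(bytes([PATTERN_FILL]) * 64)
SAMPLE_NORMAL = build_echo(b"abcdefghijklmnopqrstuvwabcdefghi")

if __name__ == "__main__":
    for name, pkt in (("len=92", SAMPLE_PATTERN), ("len=60", SAMPLE_NORMAL)):
        print(name, len(pkt), classify(pkt))
```
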
This archive was generated by hypermail 2b30 : Mon Aug 18 2003 - 23:52:34 PDT