I noticed unusual and apparently coordinated ping activity from about a dozen hosts against my box when I inspected my logs[1] this morning. I'm not especially worried about this regarding my own box (doesn't seem to be very efficient...), but could this be a hint that some of those boxes are compromised and will be used in a real (large-scale) attack?

Thanks in advance,
Mar 3 23:58:46 seitung icmplogd: ping from cts21612068130.cts.com [216.120.68.130]
Mar 3 23:58:46 seitung icmplogd: ping from ppp-64-160-241-3.cqos.com [64.160.241.3]
Mar 3 23:58:46 seitung icmplogd: ping from thor.bbox.net [208.161.96.187]
Mar 3 23:58:46 seitung icmplogd: ping from [134.68.82.150]
Mar 3 23:58:46 seitung icmplogd: ping from adsl-216-62-158-3.dsl.hstntx.swbell.net [216.62.158.3]
Mar 3 23:58:46 seitung icmplogd: ping from ppp-64-160-241-3.cqos.com [64.160.241.3]
Mar 3 23:58:46 seitung icmplogd: ping from cts21612068130.cts.com [216.120.68.130]
Mar 3 23:58:46 seitung icmplogd: ping from sidflask.campus.luth.se [130.240.201.200]
Mar 3 23:58:46 seitung icmplogd: ping from 24.68.115.181.on.wave.home.com [24.68.115.181]
Mar 3 23:58:46 seitung icmplogd: ping from sidflask.campus.luth.se [130.240.201.200]
Mar 3 23:58:46 seitung icmplogd: ping from gandalf.globig.com [209.12.117.158]
Mar 3 23:58:47 seitung icmplogd: ping from covert.operations.net [64.163.64.198]
Mar 3 23:58:47 seitung icmplogd: ping from [38.194.103.224]
Mar 3 23:58:47 seitung icmplogd: ping from covert.operations.net [64.163.64.198]
Mar 3 23:58:47 seitung icmplogd: ping from gandalf.globig.com [209.12.117.158]
Mar 3 23:58:47 seitung icmplogd: ping from 24.68.115.181.on.wave.home.com [24.68.115.181]
Mar 3 23:58:47 seitung icmplogd: ping from mlibw245-188-s.dhcp.CSUChico.EDU [132.241.245.188]
Mar 3 23:58:47 seitung icmplogd: ping from sidflask.campus.luth.se [130.240.201.200]
Mar 3 23:58:47 seitung icmplogd: ping from [38.194.103.224]
Mar 3 23:58:47 seitung icmplogd: ping from covert.operations.net [64.163.64.198]
Mar 3 23:58:47 seitung icmplogd: ping from gandalf.globig.com [209.12.117.158]
Mar 3 23:58:47 seitung icmplogd: ping from [207.189.150.228]
Mar 3 23:58:48 seitung icmplogd: ping from agga373fy58qi.ab.hsia.telus.net [142.59.198.153]
Mar 3 23:58:48 seitung icmplogd: ping from mlibw245-188-s.dhcp.CSUChico.EDU [132.241.245.188]
Mar 3 23:58:48 seitung icmplogd: ping from ip-12-35-192-61.hqglobal.net [12.35.192.61]
Mar 3 23:58:48 seitung icmplogd: ping from [38.194.103.224]
Mar 3 23:58:48 seitung icmplogd: ping from [207.189.150.228]
Mar 3 23:58:48 seitung icmplogd: ping from mlibw245-188-s.dhcp.CSUChico.EDU [132.241.245.188]
Mar 3 23:58:48 seitung icmplogd: ping from ip-12-35-192-61.hqglobal.net [12.35.192.61]
Mar 3 23:58:48 seitung icmplogd: ping from agga373fy58qi.ab.hsia.telus.net [142.59.198.153]
Mar 3 23:58:48 seitung icmplogd: ping from [207.189.150.228]
Mar 3 23:58:48 seitung icmplogd: ping from ip-12-35-192-61.hqglobal.net [12.35.192.61]
Mar 3 23:58:48 seitung icmplogd: ping from agga373fy58qi.ab.hsia.telus.net [142.59.198.153]
Mar 3 23:58:48 seitung icmplogd: ping from user-v3qs53k.dialup.mindspring.com [199.174.20.116]
Mar 3 23:58:48 seitung icmplogd: ping from [209.37.71.1]
Mar 3 23:58:48 seitung icmplogd: ping from user-v3qs53k.dialup.mindspring.com [199.174.20.116]
Mar 3 23:58:49 seitung icmplogd: ping from [205.158.114.146]
Mar 3 23:58:49 seitung icmplogd: ping from ubr-33.152.185.apopkavine.cfl.rr.com [65.33.152.185]
Mar 3 23:58:49 seitung icmplogd: ping from [205.158.114.146]
Mar 3 23:58:49 seitung icmplogd: ping from ubr-33.152.185.apopkavine.cfl.rr.com [65.33.152.185]
Mar 3 23:58:49 seitung icmplogd: ping from [209.37.71.1]
Mar 3 23:58:49 seitung icmplogd: ping from ubr-33.152.185.apopkavine.cfl.rr.com [65.33.152.185]
Mar 3 23:58:49 seitung icmplogd: ping from [205.158.114.146]
Mar 3 23:58:49 seitung icmplogd: ping from [209.37.71.1]
Mar 3 23:58:49 seitung icmplogd: ping from gurney.cs.umn.edu [128.101.32.141]
Mar 3 23:58:49 seitung icmplogd: ping from gurney.cs.umn.edu [128.101.32.141]
MH
--
(Dr.) Michael Hummel
mailto: mh@seitung.net || molino@gmx.net

Footnotes:
[1] attached

--
fprint = F24D EAC6 E3D7 372C 9122 D510 EB24 01CA 0B56 B518
id: 1024D/0B56B518
key: http://www.seitung.net/key
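
Added example, not part of the original post: one way to turn "apparently coordinated" into a measurable check is to slide a short time window over the icmplogd lines and report periods in which many distinct sources ping at once. The function names, the 5-second window, the 4-source threshold and the placeholder year are assumptions; the last sample line is constructed for contrast, the others are copied from the excerpt above.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Matches icmplogd lines as they appear in the excerpt; the reverse-DNS name is optional.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+icmplogd: ping from "
    r"(?:\S+\s+)?\[(\d{1,3}(?:\.\d{1,3}){3})\]$"
)
ASSUMED_YEAR = 2000  # placeholder: syslog timestamps carry no year

# First six lines copied from the post's excerpt; the last one is constructed.
SAMPLE = """\
Mar 3 23:58:46 seitung icmplogd: ping from thor.bbox.net [208.161.96.187]
Mar 3 23:58:46 seitung icmplogd: ping from [134.68.82.150]
Mar 3 23:58:46 seitung icmplogd: ping from sidflask.campus.luth.se [130.240.201.200]
Mar 3 23:58:47 seitung icmplogd: ping from covert.operations.net [64.163.64.198]
Mar 3 23:58:47 seitung icmplogd: ping from sidflask.campus.luth.se [130.240.201.200]
Mar 3 23:58:49 seitung icmplogd: ping from gurney.cs.umn.edu [128.101.32.141]
Mar 4 02:10:05 seitung icmplogd: ping from monitor.example.net [192.0.2.10]
""".splitlines()

def parse(line):
    """Return (datetime, source_ip) for an icmplogd ping line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2)

def find_bursts(lines, window_s=5, min_sources=4):
    """Group events into bursts: runs during which at least min_sources
    distinct addresses pinged within the trailing window_s seconds."""
    events = sorted(e for e in map(parse, lines) if e)
    window, bursts, current = deque(), [], None
    for ts, ip in events:
        window.append((ts, ip))
        while ts - window[0][0] > timedelta(seconds=window_s):
            window.popleft()  # drop pings older than the window
        sources = {src for _, src in window}
        if len(sources) >= min_sources:
            if current is None:
                current = {"start": window[0][0], "end": ts, "sources": set()}
                bursts.append(current)
            current["end"] = ts
            current["sources"] |= sources
        else:
            current = None  # burst over; the next one starts a new record
    return bursts
```

Calling `find_bursts(SAMPLE)` returns a single burst covering the 23:58:46 to 23:58:49 lines, while the isolated constructed ping hours later is not flagged.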