RE: synchronized pings

To: <debian-security@lists.debian.org>
Cc: "P.Ook" <"p..ook"@lycos.es>
Subject: RE: synchronized pings
From: "Boyan Krosnov" <bkrosnov@lirex.bg>
Date: Fri, 11 Oct 2002 08:21:03 +0300
Message-id: <[🔎] ACB9EEE02202C449B0158F02DDD8AD0C53AE5C@exquila.lirex.com>

How about an nmap decoy scan with initial ICMP ping of the scanned host, does it explain what you saw ?
Did you check all these addresses if they were up at the moment of the .. er .. attack?


BR,
Boyan Krosnov, CCIE#8701
http://boyan.ludost.net/
Just another techie speaking for himself

> -----Original Message-----
> From: P.Ook [mailto:"p..ook"@lycos.es] 
> Sent: None
> To: debian-security@lists.debian.org
> Cc: "p..ook"@lycos.es
> Subject: synchronized pings
> 
> 
> Hi all, 
> 
> I've found 'synchronized pings' in my logs from several hosts 
> all around the world.
> Today they where 11 hosts more or less doing ping to my 
> Debian box at the same time
> (11 pings in the same second). Sure this is not a DOS attack, 
> almost for my server,
> but i can't understand why they are pinging me all at the 
> same time, three o more
> times a day. Any ideas?
> 
> Searching in the logs I found pings from same of theese hosts 
> a month ago, but in that
> days they were only 3-5 hosts pinging me at the same time...
> 
> An excerpt of my logs:
> ----- 8< ------
> Oct 10 08:13:28 localhost ippl: ICMP message type echo 
> request from 212.62.17.145
> Oct 10 08:13:28 localhost ippl: ICMP message type echo 
> request from 64.14.117.10
> Oct 10 08:13:28 localhost ippl: ICMP message type echo 
> request from 64.15.251.198
> Oct 10 08:13:28 localhost ippl: ICMP message type echo 
> request from 208.185.54.14
> Oct 10 08:13:28 localhost ippl: ICMP message type echo 
> request from 62.4.74.66
> Oct 10 08:13:28 localhost ippl: ICMP message type echo 
> request from 213.61.6.2
> Oct 10 08:13:28 localhost ippl: ICMP message type echo 
> request from 64.0.96.12
> Oct 10 08:13:28 localhost ippl: ICMP message type echo 
> request from 204.176.88.5
> Oct 10 08:13:28 localhost ippl: ICMP message type echo 
> request from 65.119.25.162
> Oct 10 08:13:28 localhost ippl: ICMP message type echo 
> request from 64.124.186.66
> Oct 10 08:13:28 localhost ippl: ICMP message type echo 
> request from 211.13.227.66
> ...
> Oct 10 11:40:07 localhost ippl: ICMP message type echo 
> request from 62.4.74.66
> Oct 10 11:40:07 localhost ippl: ICMP message type echo 
> request from 213.61.6.2
> Oct 10 11:40:07 localhost ippl: ICMP message type echo 
> request from 212.62.17.145
> Oct 10 11:40:07 localhost ippl: ICMP message type echo 
> request from 64.14.117.10
> Oct 10 11:40:07 localhost ippl: ICMP message type echo 
> request from 66.28.34.130
> Oct 10 11:40:07 localhost ippl: ICMP message type echo 
> request from 208.185.54.14
> Oct 10 11:40:07 localhost ippl: ICMP message type echo 
> request from 64.15.251.198
> Oct 10 11:40:07 localhost ippl: ICMP message type echo 
> request from 64.0.96.12
> Oct 10 11:40:07 localhost ippl: ICMP message type echo 
> request from 64.28.86.226
> Oct 10 11:40:07 localhost ippl: ICMP message type echo 
> request from 65.119.25.162
> Oct 10 11:40:07 localhost ippl: ICMP message type echo 
> request from 204.176.88.5
> ....
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 64.15.251.198
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 208.185.54.14
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 62.4.74.66
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 65.119.25.162
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 213.61.6.2
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 64.0.96.12
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 212.0.126.130
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 208.184.139.82
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 204.176.88.5
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 211.13.227.66
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 64.14.117.10
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 212.62.17.145
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 64.124.186.66
> Oct 10 17:30:49 localhost ippl: ICMP message type echo 
> request from 211.169.245.98
> ----- 8< ------
> 
> Thank you very much in advance.
> Bye!
> 
>  MA Varó.
> ______________________________________________________
> Consigue tu e-mail gratuito en Lycos. Entra en http://www.lycos.es
> Consigue tu propio Hosting y Dominio al mejor precio: 
> http://webcenter.lycos.es/
> Elvis vs JXL ya a la venta 
> http://www.lycos.es/webguides/especial/elvis/
> 
>

Reply to:

Prev by Date: Re: base-passwd bug?
Next by Date: Re: synchronized pings
Previous by thread: A message from the future...???? (was: Re: synchronized pings)
Next by thread: Re[1]: synchronized pings
Index(es):
- Date
- Thread