icmpinfo
I'm in need of a TCP/IP expert here to tell me if someone is
trying to spoof/ping flood me... I know someone has tried to 'big ping' me
several times due to the "couldn't get a free page" message on my console.
I've been running icmpinfo -vvv > /tmp/icmplog, and I'm getting alot of
ICMP_Dest_Unreachable messages. Is this normal? They're comming mostly
from localhost but also from other sites. Could someone please advise me
on what to do, or where to get some more info on how to find out where
these are comming from? Here are several of the 'pings' I've gotten.
Nov 25 18:31:42 ICMP_Dest_Unreachable[Port] < 127.0.0.1 [localhost] >
127.0.0.1
[localhost] sp=25861 dp=53 seq=0x0033adea sz=79(+20)
0000 : 4506 0063 06FD 0000 4001 7595 7F00 0001 E..c....@.u.....
0010 : 7F00 0001 0303 FB43 0000 0000 4500 0047 .......C....E..G
0020 : 06FC 0000 4011 75A8 7F00 0001 7F00 0001 ....@.u.........
0030 : 0565 0035 0033 ADEA 001A 0100 0001 0000 .e.5.3..........
0040 : 0000 0000 0136 0236 3103 3130 3203 32 .....6.61.102.2
Nov 25 18:18:43 ICMP_Dest_Unreachable[Port] < 127.0.0.1 [localhost] >
127.0.0.1
[localhost] sp=17669 dp=53 seq=0x00360a1f sz=82(+20)
0000 : 4506 0066 069F 0000 4001 75F0 7F00 0001 E..f....@.u.....
0010 : 7F00 0001 0303 FB46 0000 0000 4500 004A .......F....E..J
0020 : 069E 0000 4011 7603 7F00 0001 7F00 0001 ....@.v.........
0030 : 0545 0035 0036 0A1F 000A 0100 0001 0000 .E.5.6..........
0040 : 0000 0000 0332 3332 0331 3432 0331 3931 .....232.142.191
0050 : 0332 .2
Nov 25 18:38:28 ICMP_Dest_Unreachable[Port] < 127.0.0.1 [localhost] >
127.0.0.1
[localhost] sp=33285 dp=53 seq=0x0034380d sz=80(+20)
There was no data in the last entry to the file. The data of the
ping almost always seems to have an IP address in it. What can I do, or
am I being paranoid?
TIA,
mike...
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: