|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Weird Ping requests
From: Erick Brockway (ebrockway
EARTHLINK.NET)Date: Sat Apr 22 2000 - 01:15:54 CDT
- Next message: Anton Chuvakin: "Re: Tools to analyze...:SUMMARY and trojaned file attached"
- Previous message: Jose Nazario: "Web scans from umu.se"
- In reply to: Richard Bejtlich: "Re: Weird Ping requests"
- Reply: Erick Brockway: "Re: Weird Ping requests"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Well, I do forward a lot of spam complaints, mostly the Whack-A-Mole
dialups, but my IP is dynamic, so who would know where I'd be? Besides that,
no.
----- Original Message -----
From: "Richard Bejtlich" <bejtlichTEXAS.NET>
To: <INCIDENTSSECURITYFOCUS.COM>
Sent: Tuesday, April 18, 2000 12:36 PM
Subject: Re: Weird Ping requests
> Erick,
>
> This may be the result of someone trying a Smurf-type attack
> upon your machine. I resolved your IP and saw it was an
> Earthlink dial-up. Did you take any actions which might
> cause someone to Smurf you? Typically we see this with IRC
> warfare or against high profile web servers, etc.
>
> Richard
>
> -----
>
> Looked at my AtGuard log last night, and something weird
> showed up there.
> Started with;
> 4/15/00 19:36:46.383 NDIS Filter Rule "Default Inbound
> ICMP" permitted (206.204.217.22,0). Details:
> Inbound ICMP request
> Local address is (209.178.128.182)
> Remote address is (206.204.217.22)
> Message type is "Echo Reply"
>
> Erick Brockway
>
- Next message: Anton Chuvakin: "Re: Tools to analyze...:SUMMARY and trojaned file attached"
- Previous message: Jose Nazario: "Web scans from umu.se"
- In reply to: Richard Bejtlich: "Re: Weird Ping requests"
- Reply: Erick Brockway: "Re: Weird Ping requests"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]