[Dshield] Ping??? DOS???? From DELL.COM

Russell Washington russ.washington at vaultsentry.com
Thu Jun 20 21:55:14 GMT 2002


It's entirely possible that someone is spoofing the dell.com IPs... you may
want to consider dropping ICMP entirely until this passes.  You may find out
after doing so that there are other kinds of traffic involved in the
attack...

-----Original Message-----
From: Nick Calvert [mailto:ncalvert at edcodoc.com] 
Sent: Thursday, June 20, 2002 12:59 PM
To: 'list at dshield.org'
Subject: [Dshield] Ping??? DOS???? From DELL.COM



I am getting pinged to death from the following IPs. I have emailed Dell's
admin and there is no response.  What is going on here? I have started to
block their IPs to see if it will help the utilization of my firewall.
This has been going on for almost 3 hours. Please help, my firewall is
showing the following denied entries...  (this is just a few)


06/20/02 14:06  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.218.8 66.148.250.xxx  8 0 (Ping)
06/20/02 14:06  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.218.8 66.148.250.xxx  8 0 (Ping)
06/20/02 14:06  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.218.8 66.148.250.xxx 8 0 (Ping)
06/20/02 14:06  firewalld[97]:  deny in eth0 64 icmp 20 49 143.166.94.44 66.148.250.xxx 8 0 (Ping)
06/20/02 14:06  firewalld[97]:  deny in eth0 64 icmp 20 49 143.166.94.44 66.148.250.xxx 8 0 (Ping)
06/20/02 14:06  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.218.8 66.148.250.xxx 8 0 (Ping)
06/20/02 14:40  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.218.8 66.148.250.xxx 8 0 (Ping)
06/20/02 14:40  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.218.8 66.148.250.xxx 8 0 (Ping)
06/20/02 14:40  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.218.8 66.148.250.xxx 8 0 (Ping)
06/20/02 14:40  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.218.7 66.148.250.xxx 8 0 (Ping)
06/20/02 14:40  firewalld[97]:  deny in eth0 64 icmp 20 49 143.166.94.43 66.148.250.xxx 8 0 (Ping)
06/20/02 14:45  firewalld[97]:  deny in eth0 73 udp 20 50 143.166.224.19 66.148.250.xxx 44173 53 (blocked site)
06/20/02 14:45  firewalld[97]:  deny in eth0 73 udp 20 50 143.166.224.19 66.148.250.xxx 44173 53 (blocked site)
06/20/02 14:45  firewalld[97]:  deny in eth0 73 udp 20 50 143.166.224.19 66.148.250.xxx 44173 53 (blocked site)
06/20/02 14:46  firewalld[97]:  deny in eth0 64 icmp 20 50 143.166.224.19 66.148.250.xxx  8 0 (blocked site)
06/20/02 14:46  firewalld[97]:  deny in eth0 64 icmp 20 50 143.166.224.19 66.148.250.xxx 8 0 (blocked site)
06/20/02 14:46  firewalld[97]:  deny in eth0 64 icmp 20 50 143.166.224.19 66.148.250.xxx 8 0 (blocked site)
06/20/02 14:46  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.224.18 66.148.250.xxx 8 0 (Ping)
06/20/02 14:46  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.224.18 66.148.250.xxx 8 0 (Ping)
06/20/02 14:47  firewalld[97]:  deny in eth0 45 udp 20 50 143.166.224.19 66.148.250.xxx 44173 53 (blocked site)
06/20/02 14:47  firewalld[97]:  deny in eth0 45 udp 20 50 143.166.224.19 66.148.250.xxx 44173 53 (blocked site)
06/20/02 14:47  firewalld[97]:  deny in eth0 73 udp 20 50 143.166.224.19 66.148.250.xxx 44173 53 (blocked site)
06/20/02 14:47  firewalld[97]:  deny in eth0 73 udp 20 50 143.166.224.19 66.148.250.xxx 44173 53 (blocked site)
06/20/02 14:47  firewalld[97]:  deny in eth0 73 udp 20 50 143.166.224.19 66.148.250.xxx 44173 53 (blocked site)
06/20/02 14:52  firewalld[97]:  deny in eth0 45 udp 20 51 143.166.224.18 66.148.250.xxx 52200 53 (blocked site)
06/20/02 14:52  firewalld[97]:  deny in eth0 45 udp 20 51 143.166.224.18 66.148.250.xxx 52200 53 (blocked site)
06/20/02 14:52  firewalld[97]:  deny in eth0 45 udp 20 51 143.166.224.18 66.148.250.xxx 52200 53 (blocked site)
06/20/02 14:52  firewalld[97]:  deny in eth0 73 udp 20 51 143.166.224.18 66.148.250.xxx 52200 53 (blocked site)
06/20/02 14:52  firewalld[97]:  deny in eth0 73 udp 20 51 143.166.224.18 66.148.250.xxx 52200 53 (blocked site)
06/20/02 14:52  firewalld[97]:  deny in eth0 73 udp 20 51 143.166.224.18 66.148.250.xxx 52200 53 (blocked site)
06/20/02 14:52  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.224.18 66.148.250.xxx 8 0 (blocked site)
06/20/02 14:52  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.224.18 66.148.250.xxx 8 0 (blocked site)
06/20/02 14:52  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.224.18 66.148.250.xxx 8 0 (blocked site)
06/20/02 14:54  firewalld[97]:  deny in eth0 45 udp 20 50 143.166.224.19 66.148.250.xxx 44192 53 (blocked site)
06/20/02 14:54  firewalld[97]:  deny in eth0 45 udp 20 50 143.166.224.19 66.148.250.xxx 44192 53 (blocked site)
06/20/02 14:54  firewalld[97]:  deny in eth0 45 udp 20 50 143.166.224.19 66.148.250.xxx 44192 53 (blocked site)
06/20/02 14:54  firewalld[97]:  deny in eth0 45 udp 20 51 143.166.224.18 66.148.250.xxx 52200 53 (blocked site)
06/20/02 14:54  firewalld[97]:  deny in eth0 73 udp 20 50 143.166.224.19 66.148.250.xxx 44192 53 (blocked site)
06/20/02 14:54  firewalld[97]:  deny in eth0 45 udp 20 51 143.166.224.18 66.148.250.xxx 52200 53 (blocked site)
06/20/02 14:54  firewalld[97]:  deny in eth0 73 udp 20 50 143.166.224.19 66.148.250.xxx 44192 53 (blocked site)
06/20/02 14:54  firewalld[97]:  deny in eth0 45 udp 20 51 143.166.224.18 66.148.250.xxx 52200 53 (blocked site)
06/20/02 14:54  firewalld[97]:  deny in eth0 73 udp 20 50 143.166.224.19 66.148.250.xxx 44192 53 (blocked site)
06/20/02 14:55  firewalld[97]:  deny in eth0 73 udp 20 51 143.166.224.18 66.148.250.xxx 52200 53 (blocked site)
06/20/02 14:55  firewalld[97]:  deny in eth0 64 icmp 20 50 143.166.224.19 66.148.250.xxx 8 0 (blocked site)
06/20/02 14:55  firewalld[97]:  deny in eth0 73 udp 20 51 143.166.224.18 66.148.250.xxx 52200 53 (blocked site)
06/20/02 14:55  firewalld[97]:  deny in eth0 64 icmp 20 50 143.166.224.19 66.148.250.xxx 8 0 (blocked site)
06/20/02 14:55  firewalld[97]:  deny in eth0 73 udp 20 51 143.166.224.18 66.148.250.xxx 52200 53 (blocked site)
06/20/02 14:55  firewalld[97]:  deny in eth0 64 icmp 20 50 143.166.224.19 66.148.250.xxx 8 0 (blocked site)
06/20/02 14:55  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.224.18 66.148.250.xxx 8 0 (blocked site)
06/20/02 14:55  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.224.18 66.148.250.xxx 8 0 (blocked site)
06/20/02 14:55  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.224.18 66.148.250.xxx 8 0 (blocked site)




Nick 
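
A triage sketch for the kind of log excerpt in this thread, added here as an example (not code from either poster or from the firewall vendor): it parses the firewalld deny entries, re-joins entries that mail wrapping split across two lines, and tallies denied packets per source and traffic kind so that anything other than ICMP stands out. The column meanings are an assumption inferred from the entries themselves; parse, summarize and ENTRY_RE are names chosen for this example.

```python
import re
from collections import Counter

# Assumed column layout, inferred from the entries in the post:
# date time daemon: action dir iface length proto ip_hdr_len ttl src dst a b (reason)
# a/b are read as ICMP type/code for icmp and as source/destination port otherwise.
ENTRY_RE = re.compile(
    r"^(?P<date>\d\d/\d\d/\d\d)\s+(?P<time>\d\d:\d\d)\s+firewalld\[\d+\]:\s+"
    r"(?P<action>\w+)\s+(?P<dir>\w+)\s+(?P<iface>\S+)\s+(?P<length>\d+)\s+"
    r"(?P<proto>\w+)\s+(?P<hdr>\d+)\s+(?P<ttl>\d+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<a>\d+)\s+(?P<b>\d+)\s+\((?P<reason>[^)]*)\)$"
)

# Entries copied from the post; the first is wrapped across two lines, as mail software does.
SAMPLE = """\
06/20/02 14:06  firewalld[97]:  deny in eth0 64 icmp 20 51 143.166.218.8
66.148.250.xxx  8 0 (Ping)
06/20/02 14:45  firewalld[97]:  deny in eth0 73 udp 20 50 143.166.224.19 66.148.250.xxx 44173 53 (blocked site)
06/20/02 14:46  firewalld[97]:  deny in eth0 64 icmp 20 50 143.166.224.19 66.148.250.xxx 8 0 (blocked site)
06/20/02 14:52  firewalld[97]:  deny in eth0 45 udp 20 51 143.166.224.18 66.148.250.xxx 52200 53 (blocked site)
"""

def parse(text):
    """Yield one dict per entry, re-joining entries split across two lines."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        pending = line if re.match(r"\d\d/\d\d/\d\d\s", line) else f"{pending} {line}"
        m = ENTRY_RE.match(pending)
        if m:
            yield m.groupdict()
            pending = ""

def summarize(entries):
    """Count denied packets per (source, traffic kind); list the non-ICMP kinds."""
    counts = Counter()
    for e in entries:
        kind = (f"icmp type {e['a']} code {e['b']}" if e["proto"] == "icmp"
                else f"{e['proto']} dport {e['b']}")
        counts[(e["src"], kind)] += 1
    non_icmp = sorted({kind for _, kind in counts if not kind.startswith("icmp")})
    return counts, non_icmp

if __name__ == "__main__":
    counts, non_icmp = summarize(parse(SAMPLE))
    for (src, kind), n in counts.most_common():
        print(f"{n:4d}  {src:<16} {kind}")
    print("non-ICMP traffic seen:", non_icmp or "none")
```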

