[Dshield] Strange ICMP traffic (many Host Unreachables, random destinations)

Jeff Miller jrm.wa at verizon.net
Mon Mar 18 15:40:33 GMT 2002


Weird traffic.  It sounds a little like a half-hearted attempt at a DRDOS.
Hackers can get their bots to spoof packets using your IPs, thereby
generating responses from random routers to you.  If done on a large scale,
you can get slammed by that reply traffic.

Of course, it could be legitimate ICMP traffic in response to some requests
sent.

-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf Of Kelly Martin
Sent: Monday, March 18, 2002 6:46 AM
To: 'list at dshield.org'; 'incidents at securityfocus.org'
Subject: [Dshield] Strange ICMP traffic (many Host Unreachables, random destinations)


<snip>   I don't understand the mechanism by which a router would generate
ICMP Host Unreachable messages destined for IP addresses which are not in
use, so if anyone has any enlightening comments, I would appreciate it.
Is this a scan of some sort?
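
Added example, not part of the original thread: one way to separate the two cases discussed above (reply traffic caused by spoofed sources versus legitimate ICMP errors) is to read the IP header that each ICMP Destination Unreachable message quotes and compare it with what your own hosts actually sent. The names `live_hosts` and `outbound_flows` are hypothetical inputs taken from your own inventory and flow logs, the check assumes no NAT between the sensor and the hosts, and the sample packets are constructed with documentation addresses.

```python
import ipaddress
import struct

def parse_unreachable(pkt: bytes):
    """Return fields of an IPv4 ICMP type 3 message, or None if it is not one."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 8 + 20 or pkt[ihl] != 3:
        return None
    inner = pkt[ihl + 8:]  # quoted header of the packet that triggered the error
    if inner[0] >> 4 != 4:
        return None
    ip = lambda b: str(ipaddress.ip_address(b))
    return {"reporter": ip(pkt[12:16]), "outer_dst": ip(pkt[16:20]), "code": pkt[ihl + 1],
            "inner_src": ip(inner[12:16]), "inner_dst": ip(inner[16:20]), "proto": inner[9]}

def classify(pkt, live_hosts, outbound_flows):
    """live_hosts: set of our in-use IPs; outbound_flows: set of (src, dst, proto) we sent."""
    f = parse_unreachable(pkt)
    if f is None:
        return "not-icmp-unreachable"
    if f["inner_src"] != f["outer_dst"]:
        return "inconsistent-quote"           # error must return to the quoted sender
    if f["inner_src"] not in live_hosts:
        return "backscatter-unused-address"   # no host there could have sent the original
    if (f["inner_src"], f["inner_dst"], f["proto"]) in outbound_flows:
        return "legitimate-reply"
    return "backscatter-no-matching-flow"

def ip_header(src, dst, proto, payload_len):
    # Constructed header for the samples; checksum left at 0 because it is not verified.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)

def build_sample(reporter, claimed_src, target, proto=6):
    """Constructed ICMP Host Unreachable (type 3, code 1) quoting claimed_src -> target."""
    inner = ip_header(claimed_src, target, proto, 8) + b"\x00" * 8
    icmp = struct.pack("!BBHI", 3, 1, 0, 0) + inner
    return ip_header(reporter, claimed_src, 1, len(icmp)) + icmp

if __name__ == "__main__":
    live = {"192.0.2.10"}
    flows = {("192.0.2.10", "198.51.100.5", 6)}
    for src in ("192.0.2.77", "192.0.2.10"):
        pkt = build_sample("203.0.113.1", src, "198.51.100.5")
        print(src, classify(pkt, live, flows))
```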



