[Dshield] Strange ICMP traffic (many Host Unreachables, random destinations )
jrm.wa at verizon.net
Mon Mar 18 15:40:33 GMT 2002
Weird traffic. It sounds a little like a half hearted attempt at a DRDOS.
Hackers can get their bots to spoof packets using your IP's thereby
generating responses from random routers to you. If done on a large scale
you can get slammed by that reply traffic.
Of course, it could be legitimate ICMP traffic in response to some requests
From: list-admin at dshield.org [mailto:list-admin at dshield.org]On Behalf Of
Sent: Monday, March 18, 2002 6:46 AM
To: 'list at dshield.org'; 'incidents at securityfocus.org'
Subject: [Dshield] Strange ICMP traffic (many Host Unreachables, random
<snip> I don't understand the mechanism by which a router would generate
ICMP Host Unreachable messages
destined for IP addresses which are not in use, so if any one has any
enlightening comments, I would appreciate it. Is this a scan of some sort?
More information about the list