[Dshield] ping DoS?

security@admin.fulgan.com security at admin.fulgan.com
Mon Aug 18 17:31:22 GMT 2003


It might be linked to the "strange ping" logged by several people in this list: do you have a packet dump of one of these pings, so it can be compared with the others?

Good luck,
Stephane

> At about 12:15 PM today, our internal WAN (includes multiple customers on
> their own subnets) seems to have been hit by some kind of ping DoS worm. 
> In my firewall logs, I saw HUGE amounts of pings coming from multiple hosts
> in all (or at least most) of our internal subnets.  The pings seem to
> target nearby subnets (192.168.x.x, and some 192.165.x.x are what I saw
> most of).  We are running Symantec Enterprise Firewall, which has a ping
> proxy.  This proxy on both firewalls was overwhelmed, and this resulted in
> a practical DoS on our ASP servers.  I added a ping deny filter on the
> internal interfaces on our firewalls, and things are accessible now, but
> we're still working on tracing down these pings.  Does anyone know of a
> worm, or anything else, that would do this?
> 
> 
> -----------------
> Matt Harrell
> Plexus Systems
> mhar at plex.com 



