[Dshield] ping DoS?
security at admin.fulgan.com
Mon Aug 18 17:31:22 GMT 2003
It might be linked to the "strange ping" logged my several people in this list: do you have a packet dump of one of these pings, so it can be compraed with the others ?
> At about 12:15 PM today, our internal WAN (includes multiple customers on
> their own subnets) seems to have been hit by some kind of ping DoS worm.
> In my firewall logs, I saw HUGE amounts of pings coming from multiple hosts
> in all (or at least most) of our internal subnets. The pings seem to
> target nearby subnets (192.168.x.x, and some 192.165.x.x are what I saw
> most of). We are running Symantec Enterprise Firewall, which has a ping
> proxy. This proxy on both firewalls was overwhelmed, and this resulted in
> a practical DoS on our ASP servers. I added a ping deny filter on the
> internal interfaces on our firewalls, and things are accessible now, but
> we're still working on tracing down these pings. Does anyone know of a
> worm, or anything else, that would do this?
> Matt Harrell
> Plexus Systems
> mhar at plex.com
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
More information about the list