[Dshield] Is this SoBig.F fallout?

Ronnie & Stacy Clark rsclark at kingwoodcable.net
Sun Aug 24 05:16:36 GMT 2003


Hello all, 

I am seeing a TON of these types of packets hitting my home network.
Snort calls them "ICMP PING Cyberkit 2.2 Windows". Is this fallout from
SoBig.F? MS Blaster? 

Thanks,
Ron Clark

00:06:06.974552 24.209.25.214 > aaa.bbb.ccc.xxx: icmp: echo request
0x0000   4500 005c 719e 0000 6e01 0699 18d1 19d6        E..\q...n.......
0x0010   aabb ccxx 0800 3524 0200 6b86 aaaa aaaa        ......5$..k.....
0x0020   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0030   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0040   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0050   aaaa aaaa aaaa aaaa aaaa aaaa                  ............
00:06:14.215425 24.206.136.95 > aaa.bbb.ccc.xxx: icmp: echo request
0x0000   4500 005c d0eb 0000 7f01 27c5 18ce 885f        E..\......'...._
0x0010   aabb ccxx 0800 6014 0200 4096 aaaa aaaa        ......`...@.....
0x0020   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0030   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0040   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0050   aaaa aaaa aaaa aaaa aaaa aaaa                  ............
00:06:27.463144 24.205.143.188 > aaa.bbb.ccc.xxx: icmp: echo request
0x0000   4500 005c 862b 0000 7001 7a29 18cd 8fbc        E..\.+..p.z)....
0x0010   aabb ccxx 0800 c441 0200 dc68 aaaa aaaa        .......A...h....
0x0020   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0030   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0040   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0050   aaaa aaaa aaaa aaaa aaaa aaaa                  ............
00:06:35.421941 24.203.77.45 > aaa.bbb.ccc.xxx: icmp: echo request
0x0000   4500 005c 8db7 0000 6e01 b72e 18cb 4d2d        E..\....n.....M-
0x0010   aabb ccxx 0800 3162 0300 6e48 aaaa aaaa        ......1b..nH....
0x0020   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0030   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0040   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0050   aaaa aaaa aaaa aaaa aaaa aaaa                  ............
00:06:41.573507 24.209.37.17 > aaa.bbb.ccc.xxx: icmp: echo request
0x0000   4500 005c 5a5c 0000 6e01 12a0 18d1 2511        E..\Z\..n.....%.
0x0010   aabb ccxx 0800 c1d9 0200 ded0 aaaa aaaa        ................
0x0020   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0030   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0040   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0050   aaaa aaaa aaaa aaaa aaaa aaaa                  ............
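
Added example, not part of the original post: a small decoder for the tcpdump hex dumps above that checks what all five packets have in common, namely an ICMP echo request with a valid checksum and a payload made up only of 0xaa bytes. The function names are this example's own, and the sample is the first packet from the post with the masked destination replaced by a documentation address.

```python
import re
import struct

# Constructed input: first packet from the post, with the masked destination
# (aabb ccxx) replaced by the documentation address 192.0.2.1 (c000 0201).
SAMPLE = r"""
00:06:06.974552 24.209.25.214 > 192.0.2.1: icmp: echo request
0x0000   4500 005c 719e 0000 6e01 0699 18d1 19d6        E..\q...n.......
0x0010   c000 0201 0800 3524 0200 6b86 aaaa aaaa        ......5$..k.....
0x0020   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0030   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0040   aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa        ................
0x0050   aaaa aaaa aaaa aaaa aaaa aaaa                  ............
"""
HEX_LINE = re.compile(r"^0x[0-9a-f]{4}:?\s+((?:[0-9a-f]{4} )*[0-9a-f]{2,4})(?:\s|$)")

def dump_to_bytes(text):
    """Join the hex column of a tcpdump -x dump; the ASCII column is ignored."""
    out = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line.strip())
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)

def inet_checksum(data):
    """RFC 1071 one's-complement checksum; 0 means the embedded checksum is valid."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify(pkt):
    """Decode IPv4 + ICMP and test for an echo request padded only with 0xaa."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    icmp = pkt[ihl:total_len]
    payload = icmp[8:]
    return {
        "src": ".".join(map(str, pkt[12:16])),
        "ttl": pkt[8],
        "is_echo_request": pkt[9] == 1 and icmp[0] == 8 and icmp[1] == 0,
        "icmp_checksum_ok": inet_checksum(icmp) == 0,
        "payload_len": len(payload),
        "all_0xaa": len(payload) > 0 and set(payload) == {0xAA},
    }

if __name__ == "__main__":
    print(classify(dump_to_bytes(SAMPLE)))
```

The IP header checksum is not verified because the destination bytes in the posted dumps are masked; the ICMP checksum does not cover the IP addresses, so it can still be checked.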



