[Dshield] ICMP Issue

Chateauneuf dupape at bellatlantic.net
Wed Mar 12 17:56:47 GMT 2003


Although very rare, I have been trying to sort out why, when I visit 
certain web sites, I receive a flood of ICMP traffic. Is this intrusive? 
Does it compromise either security or privacy? You folks know a lot more 
than I do. Any ideas?

I am unable to identify the type of ICMP. My setup drops the requests and 
logs ICMP - that's it. Here's an example which occurred today when I 
visited an HP site. Some of the unresolved IPs are Yipes.com or 
Speedera.com. Notably, none of the IPs belong to HP and I get the same 
result if I repeat the browse.

2003-03-12 10:33:31 -05:00	205.158.108.194 {x194.cd9e6c.sj.concentric.net}:->>151.202.16.167:	ICMP
2003-03-12 10:33:31 -05:00	209.120.155.226 {unresolved}:->>151.202.16.167:	ICMP
2003-03-12 10:33:31 -05:00	209.120.195.34 {unresolved}:->>151.202.16.167:	ICMP
2003-03-12 10:33:31 -05:00	64.35.7.130 {s7-130.9natmp}:->>151.202.16.167:	ICMP
2003-03-12 10:33:31 -05:00	212.62.17.145 {unresolved}:->>151.202.16.167:	ICMP
2003-03-12 10:33:41 -05:00	205.158.108.194 {x194.cd9e6c.sj.concentric.net}:->>151.202.16.167:	ICMP
2003-03-12 10:33:41 -05:00	209.120.155.226 {unresolved}:->>151.202.16.167:	ICMP
2003-03-12 10:33:41 -05:00	209.120.195.34 {unresolved}:->>151.202.16.167:	ICMP
2003-03-12 10:33:41 -05:00	64.35.7.130 {s7-130.9natmp}:->>151.202.16.167:	ICMP
2003-03-12 10:33:42 -05:00	212.62.17.145 {unresolved}:->>151.202.16.167:	ICMP
2003-03-12 10:33:51 -05:00	205.158.108.194 {x194.cd9e6c.sj.concentric.net}:->>151.202.16.167:	ICMP
2003-03-12 10:33:51 -05:00	209.120.195.34 {unresolved}:->>151.202.16.167:	ICMP
2003-03-12 10:33:51 -05:00	209.120.155.226 {unresolved}:->>151.202.16.167:	ICMP
2003-03-12 10:33:51 -05:00	64.35.7.130 {s7-130.9natmp}:->>151.202.16.167:	ICMP
2003-03-12 10:33:53 -05:00	212.62.17.145 {unresolved}:->>151.202.16.167:	ICMP 


