[Dshield] Ping of death?

Mark Warner warner at neb.com
Fri Oct 31 16:15:24 GMT 2003


I got an unusual blast from a machine (i assume)  from Austrailia.
Source port was always 63775
Random destination port
  approx 200 hits per second totalling 15000 consecutive hits. in 6 minutes

Has anyone seen this kind of attack?

Oct 30 13:10:33 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri1 from 203.15.51.46:63775 to 198.112.82.2 on unserved port 59057
Oct 30 13:10:33 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri1 from 203.15.51.46:63775 to 198.112.82.2 on unserved port 44738
Oct 30 13:10:33 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri1 from 203.15.51.46:63775 to 198.112.82.2 on unserved port 51664
Oct 30 13:10:34 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri1 from 203.15.51.46:63775 to 198.112.82.2 on unserved port 43014
Oct 30 13:10:34 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri1 from 203.15.51.46:63775 to 198.112.82.2 on unserved port 42259
Oct 30 13:10:34 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri1 from 203.15.51.46:63775 to 198.112.82.2 on unserved port 63462
Oct 30 13:10:34 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri1 from 203.15.51.46:63775 to 198.112.82.2 on unserved port 22317
Oct 30 13:10:34 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri1 from 203.15.51.46:63775 to 198.112.82.2 on unserved port 47685
Oct 30 13:10:34 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri1 from 203.15.51.46:63775 to 198.112.82.2 on unserved port 7408
Oct 30 13:10:34 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri1 from 203.15.51.46:63775 to 198.112.82.2 on unserved port 19334
Oct 30 13:10:34 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri1 from 203.15.51.46:63775 to 198.112.82.2 on unserved port 39468
Oct 30 13:10:34 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri1 from 203.15.51.46:63775 to 198.112.82.2 on unserved port 64291
Oct 30 13:10:34 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri1 from 203.15.51.46:63775 to 198.112.82.2 on unserved port 28151






More information about the list mailing list