[Dshield] Pings

Paul Marsh pmarsh at nmefdn.org
Fri Oct 31 16:23:26 GMT 2003


Sorry, I'm not capturing anything at this time, just noticing the activity
on my firewall.

10/31/2003 11:15:39.944 ICMP packet dropped 209.215.101.134, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 11:14:24.464 ICMP packet dropped 209.215.136.220, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 11:13:13.384 ICMP packet dropped 209.210.86.66, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 11:11:12.336 ICMP packet dropped 209.210.84.72, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 11:10:04.192 ICMP packet dropped 209.214.130.59, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 11:08:48.272 ICMP packet dropped 209.214.0.12, 8, WAN
1xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 11:07:07.624 ICMP packet dropped 209.214.142.213, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 11:06:03.400 ICMP packet dropped 209.210.150.37, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 11:04:55.704 ICMP packet dropped 209.214.20.149, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 11:03:15.176 ICMP packet dropped 209.210.34.176, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 11:02:04.752 ICMP packet dropped 209.214.18.133, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 11:00:31.496 ICMP packet dropped 209.214.23.243, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:58:39.240 ICMP packet dropped 209.210.142.206, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:54:46.752 ICMP packet dropped 209.214.17.132, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:53:29.704 ICMP packet dropped 209.210.32.248, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:51:58.272 ICMP packet dropped 209.215.162.132, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:50:10.112 ICMP packet dropped 209.212.92.65, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:48:59.896 ICMP packet dropped 209.214.16.240, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:47:32.704 ICMP packet dropped 209.210.233.49, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:45:44.816 ICMP packet dropped 209.210.143.5, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:44:20.752 ICMP packet dropped 209.214.0.169, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:43:06.928 ICMP packet dropped 209.210.143.231, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:41:11.480 ICMP packet dropped 209.214.19.75, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:40:02.368 ICMP packet dropped 209.214.64.41, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:38:03.608 ICMP packet dropped 209.214.140.185, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:35:53.864 ICMP packet dropped 208.60.240.59, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:33:15.096 ICMP packet dropped 209.210.87.181, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:30:39.144 ICMP packet dropped 209.214.168.109, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:26:54.480 ICMP packet dropped 209.214.141.168, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:22:41.624 ICMP packet dropped 209.210.140.222, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:20:54.032 ICMP packet dropped 208.63.219.32, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:18:09.848 ICMP packet dropped 209.212.219.61, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:16:34.640 ICMP packet dropped 209.214.17.40, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 
10/31/2003 10:15:18.768 ICMP packet dropped 209.214.1.17, 8, WAN
xxx.xxx.xxx.xxx, LAN 'Ping' 36 

-----Original Message-----
From: John Sage [mailto:jsage at finchhaven.com] 
Sent: Friday, October 31, 2003 11:12 AM
To: General DShield Discussion List
Cc: Paul Marsh
Subject: Re: [Dshield] Pings


Paul:

On Fri, Oct 31, 2003 at 08:22:11AM -0500, Paul Marsh wrote:
> Ok, I've been under a rock for the past few weeks, kind of lost touch
> with the list and what's been cookin'.  Now that I've got my head
> above water for a while, can someone tell me what's going on with the
> flood of ICMP pings I've been getting? Is it a variant of Nachi or
> something new?
> 
> Sorry for the post, I'll try to keep up.

It would be more than helpful if you would offer some sort of specific
details.

Pings?

uh... help us out, here.

What sort of pings?

Your question as currently framed is something like "I went outside
today, and there's clouds... what's up?"



- John
-- 
"Most people don't type their own logfiles;  but, what do I care?"
-
John Sage: InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this entire message is privileged communication, intended for
the sole use of its recipients only. If you read it even though you know
you aren't supposed to, you're a poopy-head.



