[Dshield] New ICMP Scans?

tim0707@comcast.net tim0707 at comcast.net
Mon Jan 12 15:27:03 GMT 2004


Over the weekend, I saw a huge amount of ICMP echo requests with a payload of EEEEEEE...  

Here's what the packet looked like:

4500 003c 70fd 0000 2d01 78b6 d240 2d40
xxxx ffb6 0800 932b 0200 0e80 4545 4545
4545 4545 4545 4545 4545 4545 4545 4545
4545 4545 4545 4545 4545 4545

I received about 500,000 alerts on the 11th.  The part that has me curious is that the scans were very similar to Nachi scans in that they were sequential.  They all triggered the eEye Retina Scan alert on my sensor, because of the payload, but I'm not sure what they are. 

Most of the traffic has been coming from Tawain, but I have seen some from Sweden and Romania too.

Has anyone else been seeing this kind of traffic recently?  What do you think it is?

Thanks,
Tim Kroeger




More information about the list mailing list