[Dshield] Re: Abnormal ICMP Traffic -- Please advise

Tom Liston tliston at premmag.com
Mon Mar 1 21:25:24 GMT 2004


Eric-

I beat my head against this one at the beginning of last year.  I believe 
that these packets are sourced by Compaq Insight Manager (CIM).  My 
network was being pummeled by a misconfigured system at the beginning of 
last year, with packets that had the same M.O...  ICMP Pings with the IP 
address of the pinged machine as text within the payload of the echo 
request.

-TL

On 1 Mar 2004 at 11:56, Eric Hines wrote:

> 3. These packets seem to be mapping our network? Anyone seen this payload
> before? The destination IP Address is actually in the payload of the
> packet.




More information about the list mailing list