[Dshield] routing 192.168...?
dcherton at aei.ca
Mon May 2 03:57:29 GMT 2005
Yes, it's an old one; what I am concerned about is more why that address is
showing as a source.
I doubt very much it is from inside my network since it is at
home....and I am using another net...still...
It happened 28 times today, using the same private net I am using. I
allow only 4 IPs on my net and the address used
for the attack is locked. I am using a new router/firewall; how can it be
a false positive?
Stephane Grobety wrote:
>Source IP means nothing: this is a "ping of death" packet, an ICMP
>echo request with a size greater than 65536 bytes. As such, it doesn't
>expect a response as the targeted machine will crash as soon as the
>packet is received if it is vulnerable.
>Now, the ping of death attack is really, really an old one: it dates
>back from the mid-90's. I doubt very much that enough vulnerable
>systems are still in operation for this attack to be used by anyone
>but the most newbie of the script kiddies. This leads me to think that
>what you're seeing is a false positive.
>Out of curiosity, is the source IP address used in your own internal
>Sunday, April 24, 2005, 12:12:20 AM, you wrote:
>DC> I was looking at my firewall reports and noticed this line;
>DC> Apr/22/2005 15:31:12
>DC> Ping of Death Detect src:192.168.1.10:2961 dst:my-internet-ip:42617 Packet Dropped
>DC> does anybody know how that is possible? I would think someone using the
>DC> same ISP is having fun !
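Added example, not part of the original thread: a sketch of the per-fragment size check that a "Ping of Death" signature of the kind discussed above rests on, assuming the detector sees raw IPv4 headers. The function names and sample headers are constructed for illustration (203.0.113.5 is a documentation address); the thread does not say how this router implements its detection.

```python
import ipaddress
import struct

MAX_IPV4_DATAGRAM = 65535  # the IPv4 total-length field is 16 bits
MIN_HEADER = 20            # smallest header the reassembled datagram can have

def parse_fragment(raw: bytes) -> dict:
    """Pull out the IPv4 header fields the size check needs."""
    if len(raw) < MIN_HEADER:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     _ttl, proto, _csum, src, _dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < MIN_HEADER or total_len < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "proto": proto,
        # Written by the sender; it is not evidence of where the packet came from.
        "src": str(ipaddress.IPv4Address(src)),
        "more_fragments": bool(flags_frag & 0x2000),
        "offset": (flags_frag & 0x1FFF) * 8,  # the field counts 8-byte units
        "payload_len": total_len - ihl,
    }

def oversized_on_reassembly(raw: bytes) -> bool:
    """True if this fragment alone pushes the reassembled datagram past 65535 bytes."""
    h = parse_fragment(raw)
    return MIN_HEADER + h["offset"] + h["payload_len"] > MAX_IPV4_DATAGRAM

def sample_header(total_len: int, offset_units: int, more_fragments: bool = False) -> bytes:
    """Constructed ICMP-over-IPv4 header for testing (checksum left at 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))

if __name__ == "__main__":
    samples = {
        "ordinary echo request": sample_header(84, 0),
        "last fragment, fits": sample_header(1500, 8000),
        "last fragment, overruns": sample_header(1020, 8189),
    }
    for name, hdr in samples.items():
        print(f"{name:26} src={parse_fragment(hdr)['src']} "
              f"oversized={oversized_on_reassembly(hdr)}")
```

A fragment is flagged on its own header fields, so the check needs no reassembly state and never depends on the claimed source address.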