[Dshield] Curious ICMP activity spurt
Ms. Judith Taylor
jtaylor at acvna.org
Tue Oct 4 13:32:13 GMT 2005
This is the second time I've seen some unusual activity in my Linksys
log. The sudden spate of entries in my *outgoing* log is:
2005/10/03 17:10:17 3/ICMP from 10.69.1.108 to 220.127.116.11 Dropping
ICMP error message. Original UDP from 18.104.22.168:9622 to
It lasts only for a few minutes. The last entry is:
2005/10/03 17:12:59 3/ICMP from 10.69.1.108 to 22.214.171.124 Dropping
ICMP error message. Original UDP from 126.96.36.199:9623 to
In between the start and finish, there are entries of this nature
happening once or twice *per second* and as such I'm a little concerned.
When i ran the various AV and anti-spyware programs, I found nothing.
Mind you, this is a Win98SE box and about to be 'decomissioned' as it
were. But i'm still curious about if anyone else has seen this kind of
thing. Both of the ports are listed as "unassigned" as far as IANA is
concerned and the IP address (according to ARIN) is part of OARnet's block.
On the Incoming side of things, which I think triggered the response,
2005/10/03 17:09:13 UDP from 188.8.131.52:9622 to 184.108.40.206:6970
And ends at:
2005/10/03 17:09:34 UDP from 220.127.116.11:9622 to 18.104.22.168:6970
Any insights into this activity would be welcomed.
Ms. Judith Taylor ::: To reply remove the NO.SPAM. :::
Appalachian Community Visiting Nurse Assoc.,
Hospice and Health Services, Inc.
More information about the list