[Dshield] Curious ICMP activity spurt

Ms. Judith Taylor jtaylor at acvna.org
Tue Oct 4 13:32:13 GMT 2005


Hi all,

This is the second time I've seen some unusual activity in my Linksys 
log. The sudden spate of entries in my *outgoing* log is:

2005/10/03 17:10:17 3/ICMP from 10.69.1.108 to 198.234.121.103 Dropping 
ICMP error message. Original UDP from 198.234.121.103:9622 to 
69.58.15.148:6970

It lasts only for a few minutes. The last entry is:

2005/10/03 17:12:59 3/ICMP from 10.69.1.108 to 198.234.121.103 Dropping 
ICMP error message. Original UDP from 198.234.121.103:9623 to 
69.58.15.148:6971

In between the start and finish, there are entries of this nature 
happening once or twice *per second* and as such I'm a little concerned. 
When I ran the various AV and anti-spyware programs, I found nothing. 
Mind you, this is a Win98SE box and about to be 'decommissioned' as it 
were. But I'm still curious whether anyone else has seen this kind of 
thing. Both of the ports are listed as "unassigned" as far as IANA is 
concerned and the IP address (according to ARIN) is part of OARnet's block.

On the Incoming side of things, which I think triggered the response, 
starts at:

2005/10/03 17:09:13 UDP from 198.234.121.103:9622 to 69.58.15.148:6970

And ends at:

2005/10/03 17:09:34 UDP from 198.234.121.103:9622 to 69.58.15.148:6970

Any insights into this activity would be welcomed.

-- 
Ms. Judith Taylor    ::: To reply remove the NO.SPAM. :::
Appalachian Community Visiting Nurse Assoc.,
Hospice and Health Services, Inc.
740.594.8226    http://www.acvna.org

