[Dshield] BIG Jump in Ping Sweeps

Jon R. Kibler Jon.Kibler at aset.com
Fri Jan 5 22:18:27 GMT 2007


Hi,

For the last few months, ICMP traffic has usually accounted for less than 30% of all blocked traffic. Then, about a week ago, the relative amount of ICMP traffic started to increase. Last week, it accounted for just under 40%. It has slowly increased all week. For Wednesday and Thursday, it was about 45%. Today, it has jumped to just under 75%!

Any idea what is going on with ICMP traffic? Over 99.8% is ping sweeps. It seems to be coming from everywhere. Every IP we own or monitor seems to be targeted evenly. Here is a summary so far today:

CIDR		% ICMP

==============	======

4.182.x.x/16	 0.79%

24.178.x.x/16	 0.93%

24.196.x.x/16	 0.04%

24.201.x.x/16	 0.04%

24.203.x.x/16	 1.19%

24.231.x.x/16	 1.33%

24.237.x.x/16	 0.44%

58.22.x.x/16	 0.04%

58.226.x.x/16	 0.84%

58.233.x.x/16	 0.57%

59.187.x.x/16	 0.48%

59.34.x.x/16	 0.75%

59.40.x.x/16	 0.22%

59.6.x.x/16	 0.93%

60.48.x.x/16	 1.15%

60.50.x.x/16	 0.79%

61.228.x.x/16	 0.04%

61.244.x.x/16	 0.44%

61.30.x.x/16	 0.04%

61.51.x.x/16	 0.17%

61.63.x.x/16	 0.70%

61.64.x.x/16	 0.04%

62.101.x.x/16	 0.04%

62.21.x.x/16	 1.02%

64.164.x.x/16	 0.17%

64.18.x.x/16	 1.95%

64.194.x.x/16	 0.04%

64.31.x.x/16	 0.48%

65.111.x.x/16	 0.04%

65.143.x.x/16	 0.44%

65.196.x.x/16	 0.35%

65.66.x.x/16	 0.44%

66.103.x.x/16	 0.26%

66.168.x.x/16	 0.04%

66.206.x.x/16	 0.53%

66.214.x.x/16	 0.08%

67.14.x.x/16	 0.04%

67.141.x.x/16	 0.17%

67.149.x.x/16	 0.08%

68.112.x.x/16	 0.04%

68.147.x.x/16	 0.04%

68.160.x.x/16	 0.75%

68.176.x.x/16	 0.04%

68.62.x.x/16	 0.04%

68.79.x.x/16	 0.04%

68.86.x.x/16	 0.04%

69.157.x.x/16	 0.04%

69.3.x.x/16	 0.88%

69.63.x.x/16	 0.35%

69.70.x.x/16	 0.62%

71.102.x.x/16	 0.04%

71.126.x.x/16	 0.04%

71.165.x.x/16	 0.04%

71.29.x.x/16	 0.39%

71.68.x.x/16	 0.04%

71.96.x.x/16	 0.04%

72.4.x.x/16	 0.66%

72.91.x.x/16	 0.04%

74.105.x.x/16	 0.04%

74.56.x.x/16	 1.02%

75.31.x.x/16	 0.08%

75.4.x.x/16	 0.04%

77.177.x.x/16	 0.26%

80.121.x.x/16	 0.93%

80.183.x.x/16	 0.26%

81.182.x.x/16	 0.17%

81.99.x.x/16	 0.26%

82.146.x.x/16	 1.37%

82.194.x.x/16	 0.66%

82.236.x.x/16	 0.31%

82.64.x.x/16	 0.48%

82.78.x.x/16	 0.97%

83.194.x.x/16	 0.97%

83.216.x.x/16	 0.70%

83.22.x.x/16	 0.35%

83.27.x.x/16	 0.97%

83.29.x.x/16	 0.08%

83.5.x.x/16	 0.48%

83.52.x.x/16	 0.66%

83.8.x.x/16	 0.79%

83.92.x.x/16	 0.84%

83.94.x.x/16	 0.93%

84.104.x.x/16	 0.26%

84.105.x.x/16	 0.66%

84.114.x.x/16	 0.93%

84.128.x.x/16	 0.04%

84.174.x.x/16	 0.17%

84.229.x.x/16	 0.26%

85.102.x.x/16	 0.22%

87.179.x.x/16	 0.17%

87.57.x.x/16	 0.08%

87.58.x.x/16	 0.13%

88.11.x.x/16	 0.88%

88.111.x.x/16	 0.17%

88.154.x.x/16	 0.13%

88.161.x.x/16	 0.35%

88.163.x.x/16	 0.79%

88.226.x.x/16	 0.04%

88.64.x.x/16	 0.17%

88.68.x.x/16	 0.93%

88.76.x.x/16	 0.66%

89.136.x.x/16	 0.57%

89.156.x.x/16	 1.95%

89.33.x.x/16	 0.48%

89.39.x.x/16	 0.79%

124.111.x.x/16	 0.97%

124.197.x.x/16	 0.97%

124.5.x.x/16	 0.93%

124.54.x.x/16	 0.35%

125.18.x.x/16	 0.04%

125.180.x.x/16	 0.04%

137.132.x.x/16	 0.04%

169.232.x.x/16	 0.04%

172.16.x.x/16	 0.48%

192.233.x.x/16	 0.04%

193.131.x.x/16	 0.04%

193.138.x.x/16	 0.84%

193.231.x.x/16	 0.88%

194.97.x.x/16	 0.31%

195.228.x.x/16	 0.75%

195.252.x.x/16	 0.31%

200.141.x.x/16	 0.04%

200.213.x.x/16	 0.79%

200.216.x.x/16	 1.02%

200.64.x.x/16	 0.66%

200.96.x.x/16	 0.22%

201.11.x.x/16	 0.93%

201.141.x.x/16	 0.48%

201.18.x.x/16	 0.48%

201.22.x.x/16	 0.17%

201.221.x.x/16	 0.66%

201.28.x.x/16	 0.04%

201.32.x.x/16	 0.44%

201.4.x.x/16	 0.17%

201.41.x.x/16	 1.02%

201.43.x.x/16	 0.62%

201.5.x.x/16	 1.28%

201.69.x.x/16	 0.57%

201.7.x.x/16	 0.13%

201.76.x.x/16	 0.79%

202.150.x.x/16	 0.88%

202.58.x.x/16	 0.04%

202.7.x.x/16	 0.84%

202.78.x.x/16	 0.04%

203.180.x.x/16	 0.97%

203.240.x.x/16	 1.06%

203.90.x.x/16	 0.04%

204.50.x.x/16	 0.04%

206.222.x.x/16	 0.13%

207.172.x.x/16	 0.04%

207.215.x.x/16	 0.04%

207.68.x.x/16	 0.84%

208.1.x.x/16	 0.62%

208.102.x.x/16	 0.04%

209.153.x.x/16	 0.04%

210.1.x.x/16	 0.53%

210.157.x.x/16	 0.44%

210.222.x.x/16	 0.53%

211.172.x.x/16	 0.44%

211.176.x.x/16	 0.04%

211.212.x.x/16	 0.97%

211.213.x.x/16	 0.39%

211.229.x.x/16	 0.04%

211.232.x.x/16	 1.15%

211.49.x.x/16	 0.04%

212.10.x.x/16	 0.93%

212.183.x.x/16	 0.04%

212.200.x.x/16	 1.10%

212.36.x.x/16	 0.88%

212.68.x.x/16	 0.70%

212.89.x.x/16	 0.66%

212.95.x.x/16	 0.84%

213.129.x.x/16	 0.70%

213.166.x.x/16	 0.08%

213.169.x.x/16	 1.02%

213.87.x.x/16	 0.04%

216.46.x.x/16	 0.04%

217.125.x.x/16	 0.88%

217.173.x.x/16	 0.48%

217.175.x.x/16	 1.06%

217.41.x.x/16	 0.04%

218.11.x.x/16	 0.70%

218.170.x.x/16	 0.31%

218.190.x.x/16	 1.10%

218.235.x.x/16	 0.26%

218.253.x.x/16	 0.62%

218.255.x.x/16	 0.04%

218.26.x.x/16	 0.04%

218.38.x.x/16	 2.17%

218.39.x.x/16	 0.26%

218.85.x.x/16	 0.17%

218.89.x.x/16	 0.04%

218.92.x.x/16	 0.04%

218.94.x.x/16	 0.66%

219.249.x.x/16	 1.02%

219.254.x.x/16	 0.04%

219.255.x.x/16	 0.04%

220.134.x.x/16	 0.57%

220.135.x.x/16	 0.04%

221.142.x.x/16	 0.75%

221.212.x.x/16	 0.79%

221.246.x.x/16	 0.79%

222.106.x.x/16	 0.57%

222.107.x.x/16	 0.97%

222.112.x.x/16	 1.15%

222.236.x.x/16	 0.97%

222.5.x.x/16	 0.84%


Anyone else seeing a big ping sweep jump?

Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list