[Dshield] BIG Jump in Ping Sweeps

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Jan 5 22:44:07 GMT 2007


On Fri, 05 Jan 2007 17:18:27 EST, "Jon R. Kibler" said:

> For the last few months, ICMP traffic has usually accounted for less than 30%
> of all blocked traffic. Then, about a week ago, the relative amount of ICMP
> traffic started to increase. Last week, it accounted for just under 40%. It has
> slowly increased all week. For Wednesday and Thursday, it was about 45%. Today,
> it has jumped to just under 75%!

Did you remember to check whether the *other* blocked traffic has *dropped*,
leaving the constant ICMP traffic a larger portion of a smaller pie?

(I've seen this before - somebody was wondering why 100% of his blocked
traffic was UDP - turned out that his *real* problem was that the blocks
on TCP traffic had gotten disabled due to a config whoopsie....)
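
The check suggested in the reply above, sketched as an added example that is not part of the original post: compare absolute per-protocol counts between two days to tell a real ICMP increase apart from a drop in the other blocked traffic. The `DATE BLOCK PROTO` log format, the function names, the 10% tolerance and the sample counts are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

def sample_lines(day, **counts):
    """Build constructed log lines in an assumed 'DATE BLOCK PROTO' format."""
    return [f"{day} BLOCK {p}" for p, n in counts.items() for _ in range(n)]

def daily_counts(lines):
    """Count blocked packets per day and protocol."""
    days = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) == 3 and parts[1] == "BLOCK":
            days[parts[0]][parts[2].upper()] += 1
    return dict(days)

def explain_share_jump(before, after, proto="ICMP", tol=0.10):
    """Explain a change in proto's share using absolute counts (Counters)."""
    def share(c):
        total = sum(c.values())
        return round(c[proto] / total, 2) if total else 0.0
    def rel(old, new):
        # Relative change; a jump from zero counts as infinite growth.
        return (new - old) / old if old else (float("inf") if new else 0.0)
    proto_change = rel(before[proto], after[proto])
    other_change = rel(sum(before.values()) - before[proto],
                       sum(after.values()) - after[proto])
    if proto_change > tol and other_change < -tol:
        cause = "both"
    elif proto_change > tol:
        cause = "proto_increased"
    elif other_change < -tol:
        cause = "other_traffic_dropped"
    else:
        cause = "no_significant_change"
    # Protocols that were being blocked before and are now absent entirely,
    # e.g. because their block rules were disabled.
    vanished = sorted(p for p in before if p != proto and before[p] and not after[p])
    return {"share_before": share(before), "share_after": share(after),
            "cause": cause, "vanished": vanished}

if __name__ == "__main__":
    # Constructed data: ICMP count is flat, TCP blocks disappear on day two.
    log = (sample_lines("2007-01-04", ICMP=45, TCP=40, UDP=15)
           + sample_lines("2007-01-05", ICMP=45, UDP=15))
    days = daily_counts(log)
    print(explain_share_jump(days["2007-01-04"], days["2007-01-05"]))
```

In the constructed data the ICMP share moves from 45% to 75% while the ICMP packet count stays flat, and the `vanished` list points at the protocol whose blocks stopped being logged.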