[Dshield] BIG Jump in Ping Sweeps

rgolodner at infratection.com rgolodner at infratection.com
Fri Jan 5 23:26:21 GMT 2007


 Could be that it was evrybody playing with their new holiday gifts, or trying to configure them anyway. 
>-----Original Message-----
>From: Jon R. Kibler [mailto:Jon.Kibler at aset.com]
>Sent: Friday, January 5, 2007 05:18 PM
>To: 'General DShield Discussion List'
>Subject: [Dshield] BIG Jump in Ping Sweeps
>
>Hi,
>
>For the last few months, ICMP traffic has usually accounted for less than 30% of all blocked traffic. Then, about a week ago, the relative amount of ICMP traffic started to increase. Last week, it accounted for just under 40%. It has slowly increased all week. For Wednesday and Thursday, it was about 45%. Today, it has jumped to just under 75%!
>
>Any idea what is going on with ICMP traffic? Over 99.8% is ping sweeps. It seems to be coming from everywhere. Every IP we own or monitor seems to be targeted evenly. Here is a summary so far today:
>
>CIDR % ICMP
>
>============== ======
>
>4.182.x.x/16 0.79%
>
>24.178.x.x/16 0.93%
>
>24.196.x.x/16 0.04%
>
>24.201.x.x/16 0.04%
>
>24.203.x.x/16 1.19%
>
>24.231.x.x/16 1.33%
>
>24.237.x.x/16 0.44%
>
>58.22.x.x/16 0.04%
>
>58.226.x.x/16 0.84%
>
>58.233.x.x/16 0.57%
>
>59.187.x.x/16 0.48%
>
>59.34.x.x/16 0.75%
>
>59.40.x.x/16 0.22%
>
>59.6.x.x/16 0.93%
>
>60.48.x.x/16 1.15%
>
>60.50.x.x/16 0.79%
>
>61.228.x.x/16 0.04%
>
>61.244.x.x/16 0.44%
>
>61.30.x.x/16 0.04%
>
>61.51.x.x/16 0.17%
>
>61.63.x.x/16 0.70%
>
>61.64.x.x/16 0.04%
>
>62.101.x.x/16 0.04%
>
>62.21.x.x/16 1.02%
>
>64.164.x.x/16 0.17%
>
>64.18.x.x/16 1.95%
>
>64.194.x.x/16 0.04%
>
>64.31.x.x/16 0.48%
>
>65.111.x.x/16 0.04%
>
>65.143.x.x/16 0.44%
>
>65.196.x.x/16 0.35%
>
>65.66.x.x/16 0.44%
>
>66.103.x.x/16 0.26%
>
>66.168.x.x/16 0.04%
>
>66.206.x.x/16 0.53%
>
>66.214.x.x/16 0.08%
>
>67.14.x.x/16 0.04%
>
>67.141.x.x/16 0.17%
>
>67.149.x.x/16 0.08%
>
>68.112.x.x/16 0.04%
>
>68.147.x.x/16 0.04%
>
>68.160.x.x/16 0.75%
>
>68.176.x.x/16 0.04%
>
>68.62.x.x/16 0.04%
>
>68.79.x.x/16 0.04%
>
>68.86.x.x/16 0.04%
>
>69.157.x.x/16 0.04%
>
>69.3.x.x/16 0.88%
>
>69.63.x.x/16 0.35%
>
>69.70.x.x/16 0.62%
>
>71.102.x.x/16 0.04%
>
>71.126.x.x/16 0.04%
>
>71.165.x.x/16 0.04%
>
>71.29.x.x/16 0.39%
>
>71.68.x.x/16 0.04%
>
>71.96.x.x/16 0.04%
>
>72.4.x.x/16 0.66%
>
>72.91.x.x/16 0.04%
>
>74.105.x.x/16 0.04%
>
>74.56.x.x/16 1.02%
>
>75.31.x.x/16 0.08%
>
>75.4.x.x/16 0.04%
>
>77.177.x.x/16 0.26%
>
>80.121.x.x/16 0.93%
>
>80.183.x.x/16 0.26%
>
>81.182.x.x/16 0.17%
>
>81.99.x.x/16 0.26%
>
>82.146.x.x/16 1.37%
>
>82.194.x.x/16 0.66%
>
>82.236.x.x/16 0.31%
>
>82.64.x.x/16 0.48%
>
>82.78.x.x/16 0.97%
>
>83.194.x.x/16 0.97%
>
>83.216.x.x/16 0.70%
>
>83.22.x.x/16 0.35%
>
>83.27.x.x/16 0.97%
>
>83.29.x.x/16 0.08%
>
>83.5.x.x/16 0.48%
>
>83.52.x.x/16 0.66%
>
>83.8.x.x/16 0.79%
>
>83.92.x.x/16 0.84%
>
>83.94.x.x/16 0.93%
>
>84.104.x.x/16 0.26%
>
>84.105.x.x/16 0.66%
>
>84.114.x.x/16 0.93%
>
>84.128.x.x/16 0.04%
>
>84.174.x.x/16 0.17%
>
>84.229.x.x/16 0.26%
>
>85.102.x.x/16 0.22%
>
>87.179.x.x/16 0.17%
>
>87.57.x.x/16 0.08%
>
>87.58.x.x/16 0.13%
>
>88.11.x.x/16 0.88%
>
>88.111.x.x/16 0.17%
>
>88.154.x.x/16 0.13%
>
>88.161.x.x/16 0.35%
>
>88.163.x.x/16 0.79%
>
>88.226.x.x/16 0.04%
>
>88.64.x.x/16 0.17%
>
>88.68.x.x/16 0.93%
>
>88.76.x.x/16 0.66%
>
>89.136.x.x/16 0.57%
>
>89.156.x.x/16 1.95%
>
>89.33.x.x/16 0.48%
>
>89.39.x.x/16 0.79%
>
>124.111.x.x/16 0.97%
>
>124.197.x.x/16 0.97%
>
>124.5.x.x/16 0.93%
>
>124.54.x.x/16 0.35%
>
>125.18.x.x/16 0.04%
>
>125.180.x.x/16 0.04%
>
>137.132.x.x/16 0.04%
>
>169.232.x.x/16 0.04%
>
>172.16.x.x/16 0.48%
>
>192.233.x.x/16 0.04%
>
>193.131.x.x/16 0.04%
>
>193.138.x.x/16 0.84%
>
>193.231.x.x/16 0.88%
>
>194.97.x.x/16 0.31%
>
>195.228.x.x/16 0.75%
>
>195.252.x.x/16 0.31%
>
>200.141.x.x/16 0.04%
>
>200.213.x.x/16 0.79%
>
>200.216.x.x/16 1.02%
>
>200.64.x.x/16 0.66%
>
>200.96.x.x/16 0.22%
>
>201.11.x.x/16 0.93%
>
>201.141.x.x/16 0.48%
>
>201.18.x.x/16 0.48%
>
>201.22.x.x/16 0.17%
>
>201.221.x.x/16 0.66%
>
>201.28.x.x/16 0.04%
>
>201.32.x.x/16 0.44%
>
>201.4.x.x/16 0.17%
>
>201.41.x.x/16 1.02%
>
>201.43.x.x/16 0.62%
>
>201.5.x.x/16 1.28%
>
>201.69.x.x/16 0.57%
>
>201.7.x.x/16 0.13%
>
>201.76.x.x/16 0.79%
>
>202.150.x.x/16 0.88%
>
>202.58.x.x/16 0.04%
>
>202.7.x.x/16 0.84%
>
>202.78.x.x/16 0.04%
>
>203.180.x.x/16 0.97%
>
>203.240.x.x/16 1.06%
>
>203.90.x.x/16 0.04%
>
>204.50.x.x/16 0.04%
>
>206.222.x.x/16 0.13%
>
>207.172.x.x/16 0.04%
>
>207.215.x.x/16 0.04%
>
>207.68.x.x/16 0.84%
>
>208.1.x.x/16 0.62%
>
>208.102.x.x/16 0.04%
>
>209.153.x.x/16 0.04%
>
>210.1.x.x/16 0.53%
>
>210.157.x.x/16 0.44%
>
>210.222.x.x/16 0.53%
>
>211.172.x.x/16 0.44%
>
>211.176.x.x/16 0.04%
>
>211.212.x.x/16 0.97%
>
>211.213.x.x/16 0.39%
>
>211.229.x.x/16 0.04%
>
>211.232.x.x/16 1.15%
>
>211.49.x.x/16 0.04%
>
>212.10.x.x/16 0.93%
>
>212.183.x.x/16 0.04%
>
>212.200.x.x/16 1.10%
>
>212.36.x.x/16 0.88%
>
>212.68.x.x/16 0.70%
>
>212.89.x.x/16 0.66%
>
>212.95.x.x/16 0.84%
>
>213.129.x.x/16 0.70%
>
>213.166.x.x/16 0.08%
>
>213.169.x.x/16 1.02%
>
>213.87.x.x/16 0.04%
>
>216.46.x.x/16 0.04%
>
>217.125.x.x/16 0.88%
>
>217.173.x.x/16 0.48%
>
>217.175.x.x/16 1.06%
>
>217.41.x.x/16 0.04%
>
>218.11.x.x/16 0.70%
>
>218.170.x.x/16 0.31%
>
>218.190.x.x/16 1.10%
>
>218.235.x.x/16 0.26%
>
>218.253.x.x/16 0.62%
>
>218.255.x.x/16 0.04%
>
>218.26.x.x/16 0.04%
>
>218.38.x.x/16 2.17%
>
>218.39.x.x/16 0.26%
>
>218.85.x.x/16 0.17%
>
>218.89.x.x/16 0.04%
>
>218.92.x.x/16 0.04%
>
>218.94.x.x/16 0.66%
>
>219.249.x.x/16 1.02%
>
>219.254.x.x/16 0.04%
>
>219.255.x.x/16 0.04%
>
>220.134.x.x/16 0.57%
>
>220.135.x.x/16 0.04%
>
>221.142.x.x/16 0.75%
>
>221.212.x.x/16 0.79%
>
>221.246.x.x/16 0.79%
>
>222.106.x.x/16 0.57%
>
>222.107.x.x/16 0.97%
>
>222.112.x.x/16 1.15%
>
>222.236.x.x/16 0.97%
>
>222.5.x.x/16 0.84%
>
>
>Anyone else seeing a big ping sweep jump?
>
>Jon
>-- 
>Jon R. Kibler
>Chief Technical Officer
>A.S.E.T., Inc.
>Charleston, SC USA
>(843) 849-8214
>
>
>
>
>==================================================
>Filtered by: TRUSTEM.COM's Email Filtering Service
>http://www.trustem.com/
>No Spam. No Viruses. Just Good Clean Email.
>
>


More information about the list mailing list