[Dshield] BIG Jump in Ping Sweeps

Glenn ve6rsx at gmail.com
Sat Jan 6 03:32:18 GMT 2007


My guess is the new release of nmap; it had some recent issues related to OS
detection using ICMP.

On 1/5/07, rgolodner at infratection.com <rgolodner at infratection.com> wrote:
>
>
> Could be that it was evrybody playing with their new holiday gifts, or
> trying to configure them anyway.
> >-----Original Message-----
> >From: Jon R. Kibler [mailto:Jon.Kibler at aset.com]
> >Sent: Friday, January 5, 2007 05:18 PM
> >To: 'General DShield Discussion List'
> >Subject: [Dshield] BIG Jump in Ping Sweeps
> >
> >Hi,
> >
> >For the last few months, ICMP traffic has usually accounted for less than
> 30% of all blocked traffic. Then, about a week ago, the relative amount of
> ICMP traffic started to increase. Last week, it accounted for just under
> 40%. It has slowly increased all week. For Wednesday and Thursday, it was
> about 45%. Today, it has jumped to just under 75%!
> >
> >Any idea what is going on with ICMP traffic? Over 99.8% is ping sweeps.
> It seems to be coming from everywhere. Every IP we own or monitor seems to
> be targeted evenly. Here is a summary so far today:
> >
> >CIDR % ICMP
> >
> >============== ======
> >
> >4.182.x.x/16 0.79%
> >
> >24.178.x.x/16 0.93%
> >
> >24.196.x.x/16 0.04%
> >
> >24.201.x.x/16 0.04%
> >
> >24.203.x.x/16 1.19%
> >
> >24.231.x.x/16 1.33%
> >
> >24.237.x.x/16 0.44%
> >
> >58.22.x.x/16 0.04%
> >
> >58.226.x.x/16 0.84%
> >
> >58.233.x.x/16 0.57%
> >
> >59.187.x.x/16 0.48%
> >
> >59.34.x.x/16 0.75%
> >
> >59.40.x.x/16 0.22%
> >
> >59.6.x.x/16 0.93%
> >
> >60.48.x.x/16 1.15%
> >
> >60.50.x.x/16 0.79%
> >
> >61.228.x.x/16 0.04%
> >
> >61.244.x.x/16 0.44%
> >
> >61.30.x.x/16 0.04%
> >
> >61.51.x.x/16 0.17%
> >
> >61.63.x.x/16 0.70%
> >
> >61.64.x.x/16 0.04%
> >
> >62.101.x.x/16 0.04%
> >
> >62.21.x.x/16 1.02%
> >
> >64.164.x.x/16 0.17%
> >
> >64.18.x.x/16 1.95%
> >
> >64.194.x.x/16 0.04%
> >
> >64.31.x.x/16 0.48%
> >
> >65.111.x.x/16 0.04%
> >
> >65.143.x.x/16 0.44%
> >
> >65.196.x.x/16 0.35%
> >
> >65.66.x.x/16 0.44%
> >
> >66.103.x.x/16 0.26%
> >
> >66.168.x.x/16 0.04%
> >
> >66.206.x.x/16 0.53%
> >
> >66.214.x.x/16 0.08%
> >
> >67.14.x.x/16 0.04%
> >
> >67.141.x.x/16 0.17%
> >
> >67.149.x.x/16 0.08%
> >
> >68.112.x.x/16 0.04%
> >
> >68.147.x.x/16 0.04%
> >
> >68.160.x.x/16 0.75%
> >
> >68.176.x.x/16 0.04%
> >
> >68.62.x.x/16 0.04%
> >
> >68.79.x.x/16 0.04%
> >
> >68.86.x.x/16 0.04%
> >
> >69.157.x.x/16 0.04%
> >
> >69.3.x.x/16 0.88%
> >
> >69.63.x.x/16 0.35%
> >
> >69.70.x.x/16 0.62%
> >
> >71.102.x.x/16 0.04%
> >
> >71.126.x.x/16 0.04%
> >
> >71.165.x.x/16 0.04%
> >
> >71.29.x.x/16 0.39%
> >
> >71.68.x.x/16 0.04%
> >
> >71.96.x.x/16 0.04%
> >
> >72.4.x.x/16 0.66%
> >
> >72.91.x.x/16 0.04%
> >
> >74.105.x.x/16 0.04%
> >
> >74.56.x.x/16 1.02%
> >
> >75.31.x.x/16 0.08%
> >
> >75.4.x.x/16 0.04%
> >
> >77.177.x.x/16 0.26%
> >
> >80.121.x.x/16 0.93%
> >
> >80.183.x.x/16 0.26%
> >
> >81.182.x.x/16 0.17%
> >
> >81.99.x.x/16 0.26%
> >
> >82.146.x.x/16 1.37%
> >
> >82.194.x.x/16 0.66%
> >
> >82.236.x.x/16 0.31%
> >
> >82.64.x.x/16 0.48%
> >
> >82.78.x.x/16 0.97%
> >
> >83.194.x.x/16 0.97%
> >
> >83.216.x.x/16 0.70%
> >
> >83.22.x.x/16 0.35%
> >
> >83.27.x.x/16 0.97%
> >
> >83.29.x.x/16 0.08%
> >
> >83.5.x.x/16 0.48%
> >
> >83.52.x.x/16 0.66%
> >
> >83.8.x.x/16 0.79%
> >
> >83.92.x.x/16 0.84%
> >
> >83.94.x.x/16 0.93%
> >
> >84.104.x.x/16 0.26%
> >
> >84.105.x.x/16 0.66%
> >
> >84.114.x.x/16 0.93%
> >
> >84.128.x.x/16 0.04%
> >
> >84.174.x.x/16 0.17%
> >
> >84.229.x.x/16 0.26%
> >
> >85.102.x.x/16 0.22%
> >
> >87.179.x.x/16 0.17%
> >
> >87.57.x.x/16 0.08%
> >
> >87.58.x.x/16 0.13%
> >
> >88.11.x.x/16 0.88%
> >
> >88.111.x.x/16 0.17%
> >
> >88.154.x.x/16 0.13%
> >
> >88.161.x.x/16 0.35%
> >
> >88.163.x.x/16 0.79%
> >
> >88.226.x.x/16 0.04%
> >
> >88.64.x.x/16 0.17%
> >
> >88.68.x.x/16 0.93%
> >
> >88.76.x.x/16 0.66%
> >
> >89.136.x.x/16 0.57%
> >
> >89.156.x.x/16 1.95%
> >
> >89.33.x.x/16 0.48%
> >
> >89.39.x.x/16 0.79%
> >
> >124.111.x.x/16 0.97%
> >
> >124.197.x.x/16 0.97%
> >
> >124.5.x.x/16 0.93%
> >
> >124.54.x.x/16 0.35%
> >
> >125.18.x.x/16 0.04%
> >
> >125.180.x.x/16 0.04%
> >
> >137.132.x.x/16 0.04%
> >
> >169.232.x.x/16 0.04%
> >
> >172.16.x.x/16 0.48%
> >
> >192.233.x.x/16 0.04%
> >
> >193.131.x.x/16 0.04%
> >
> >193.138.x.x/16 0.84%
> >
> >193.231.x.x/16 0.88%
> >
> >194.97.x.x/16 0.31%
> >
> >195.228.x.x/16 0.75%
> >
> >195.252.x.x/16 0.31%
> >
> >200.141.x.x/16 0.04%
> >
> >200.213.x.x/16 0.79%
> >
> >200.216.x.x/16 1.02%
> >
> >200.64.x.x/16 0.66%
> >
> >200.96.x.x/16 0.22%
> >
> >201.11.x.x/16 0.93%
> >
> >201.141.x.x/16 0.48%
> >
> >201.18.x.x/16 0.48%
> >
> >201.22.x.x/16 0.17%
> >
> >201.221.x.x/16 0.66%
> >
> >201.28.x.x/16 0.04%
> >
> >201.32.x.x/16 0.44%
> >
> >201.4.x.x/16 0.17%
> >
> >201.41.x.x/16 1.02%
> >
> >201.43.x.x/16 0.62%
> >
> >201.5.x.x/16 1.28%
> >
> >201.69.x.x/16 0.57%
> >
> >201.7.x.x/16 0.13%
> >
> >201.76.x.x/16 0.79%
> >
> >202.150.x.x/16 0.88%
> >
> >202.58.x.x/16 0.04%
> >
> >202.7.x.x/16 0.84%
> >
> >202.78.x.x/16 0.04%
> >
> >203.180.x.x/16 0.97%
> >
> >203.240.x.x/16 1.06%
> >
> >203.90.x.x/16 0.04%
> >
> >204.50.x.x/16 0.04%
> >
> >206.222.x.x/16 0.13%
> >
> >207.172.x.x/16 0.04%
> >
> >207.215.x.x/16 0.04%
> >
> >207.68.x.x/16 0.84%
> >
> >208.1.x.x/16 0.62%
> >
> >208.102.x.x/16 0.04%
> >
> >209.153.x.x/16 0.04%
> >
> >210.1.x.x/16 0.53%
> >
> >210.157.x.x/16 0.44%
> >
> >210.222.x.x/16 0.53%
> >
> >211.172.x.x/16 0.44%
> >
> >211.176.x.x/16 0.04%
> >
> >211.212.x.x/16 0.97%
> >
> >211.213.x.x/16 0.39%
> >
> >211.229.x.x/16 0.04%
> >
> >211.232.x.x/16 1.15%
> >
> >211.49.x.x/16 0.04%
> >
> >212.10.x.x/16 0.93%
> >
> >212.183.x.x/16 0.04%
> >
> >212.200.x.x/16 1.10%
> >
> >212.36.x.x/16 0.88%
> >
> >212.68.x.x/16 0.70%
> >
> >212.89.x.x/16 0.66%
> >
> >212.95.x.x/16 0.84%
> >
> >213.129.x.x/16 0.70%
> >
> >213.166.x.x/16 0.08%
> >
> >213.169.x.x/16 1.02%
> >
> >213.87.x.x/16 0.04%
> >
> >216.46.x.x/16 0.04%
> >
> >217.125.x.x/16 0.88%
> >
> >217.173.x.x/16 0.48%
> >
> >217.175.x.x/16 1.06%
> >
> >217.41.x.x/16 0.04%
> >
> >218.11.x.x/16 0.70%
> >
> >218.170.x.x/16 0.31%
> >
> >218.190.x.x/16 1.10%
> >
> >218.235.x.x/16 0.26%
> >
> >218.253.x.x/16 0.62%
> >
> >218.255.x.x/16 0.04%
> >
> >218.26.x.x/16 0.04%
> >
> >218.38.x.x/16 2.17%
> >
> >218.39.x.x/16 0.26%
> >
> >218.85.x.x/16 0.17%
> >
> >218.89.x.x/16 0.04%
> >
> >218.92.x.x/16 0.04%
> >
> >218.94.x.x/16 0.66%
> >
> >219.249.x.x/16 1.02%
> >
> >219.254.x.x/16 0.04%
> >
> >219.255.x.x/16 0.04%
> >
> >220.134.x.x/16 0.57%
> >
> >220.135.x.x/16 0.04%
> >
> >221.142.x.x/16 0.75%
> >
> >221.212.x.x/16 0.79%
> >
> >221.246.x.x/16 0.79%
> >
> >222.106.x.x/16 0.57%
> >
> >222.107.x.x/16 0.97%
> >
> >222.112.x.x/16 1.15%
> >
> >222.236.x.x/16 0.97%
> >
> >222.5.x.x/16 0.84%
> >
> >
> >Anyone else seeing a big ping sweep jump?
> >
> >Jon
> >--
> >Jon R. Kibler
> >Chief Technical Officer
> >A.S.E.T., Inc.
> >Charleston, SC USA
> >(843) 849-8214
> >
> >
> >
> >
> >==================================================
> >Filtered by: TRUSTEM.COM's Email Filtering Service
> >http://www.trustem.com/
> >No Spam. No Viruses. Just Good Clean Email.
> >
> >
> _________________________________________
>
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
>


More information about the list mailing list