Kenneth Grande, Driftsjef aspIT AS
kenneth.grande at aspit.no
Tue Sep 23 14:06:32 GMT 2003
psad reports lots of icmp requests from several hosts (with an ip near
the target machine).
The ip of the hosts sending the icmp packets and the "victim" are
where xx and yy vary
I have other fw's reporting icmp requests from other hosts with the same
where x and y vary
Anyone seen this before?
I get approx. 50 alerts per 2 hr.
(an example report is available below.)
=-=-=-=-=-=-=-=-=-=-=-= Tue Sep 23 15:40:47 2003 =-=-=-=-=-=-=-=-=-=-=-=
** psad: Suspicious traffic detected against (x.x.x.x).
Source DNS: [No reverse dns info available]
Danger level:  (out of 5)
Current interval: Tue Sep 23 15:40:42 2003 (start)
Tue Sep 23 15:40:47 2003 (end)
icmp packets: 
Overall stats since: Fri Sep 19 16:22:49 2003
chain:   interface:   tcp:   udp:   icmp:
input    eth0         0      0      83