|
Security Incidents
mailing list archives
ICMP-ECHO/TCP-ECHO Flood attacks
From: Dirk Meyer <dirk.meyer () DINOEX SUB ORG>
Date: Wed, 6 Sep 2000 05:35:02 +0200
I logged a lot of Flooding from this networks.
It looks like a Deny-Of-Service attempt to me.
They try to reach every host on teh network
via the broadcast adresses.
Blocking only seem not to help.
Anyone suffer similar attacks?
kind regards Dirk
- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
======= Analysis =======
inetnum: 195.222.32.0 - 195.222.63.255
netname: BA-BIHNET-970730
descr: Provider Local Registry
======= Log, times in CEST (GMT+2) =======
Sep 6 02:02:51 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep 6 02:02:51 UDP 195.222.63.185:26224 194.45.71.0:7 in
Sep 6 02:02:51 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep 6 02:02:51 UDP 195.222.63.185:18214 194.45.71.255:7 in
Sep 6 02:03:12 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep 6 02:03:12 UDP 195.222.63.185:23744 194.45.71.0:7 in
Sep 6 02:03:12 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep 6 02:03:12 UDP 195.222.63.185:18118 194.45.71.255:7 in
Sep 6 02:03:32 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep 6 02:03:32 UDP 195.222.63.185:4303 194.45.71.0:7 in
Sep 6 02:03:32 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep 6 02:03:32 UDP 195.222.63.185:4390 194.45.71.255:7 in
Sep 6 02:03:53 ICMP:8.0 195.222.63.185 194.45.71.0 in
Sep 6 02:03:53 UDP 195.222.63.185:671 194.45.71.0:7 in
Sep 6 02:03:53 ICMP:8.0 195.222.63.185 194.45.71.255 in
Sep 6 02:03:53 UDP 195.222.63.185:9798 194.45.71.255:7 in
[....]
continued over hours ...
 By Date 
By Thread
Current thread:
- ICMP-ECHO/TCP-ECHO Flood attacks Dirk Meyer (Sep 05)
|
Intro
