Security Incidents mailing list archives

Re: echo requests, 1480 bytes

From: don () MAINFRAME DGRC CRC CA (Donald McLachlan)
Date: Wed, 16 Feb 2000 10:41:24 -0500


I had originally replied directly to James, but I'll re-send the message
to the list.  What is going on here is odd.> From don Tue Feb 15 08:13:17 2000

To: digi () LINUXPRON COM

I don't think that is it James.  Pinging them reveals:

      % ping ns-norva.navy.mil
      ICMP Source Quench from ns-norva.navy.mil (205.56.138.34)
       for icmp from obelix (142.92.38.223) to ns-norva.navy.mil (205.56.138.34)
      ns-norva.navy.mil is alive

tcpdump of the traffic from them reveals:

      09:03:26.472434 205.56.138.34 > my.host: icmp: source quench (ttl 238, id 16606)
      09:03:26.472683 205.56.138.34 > my.host: icmp: echo reply (DF) (ttl 238, id 16607)
      09:03:27.468066 205.56.138.34 > my.host: icmp: source quench (ttl 238, id 16608)
      09:03:27.468422 205.56.138.34 > my.host: icmp: echo reply (DF) (ttl 238, id 16609)
      09:03:28.478864 205.56.138.34 > my.host: icmp: source quench (ttl 238, id 16610)
      09:03:28.479242 205.56.138.34 > my.host: icmp: echo reply (DF) (ttl 238, id 16611)

(note there is no dns traffic there)

Don

Current thread:

Re: Ports 41508, 41524 & 41531, (continued)
- - Re: Ports 41508, 41524 & 41531 Rick Ballard (Feb 10)
- Re: echo requests, 1480 bytes Brett Glass (Feb 09)
  - Re: echo requests, 1480 bytes James Lohman (Feb 10)
    - Re: echo requests, 1480 bytes Marc Slemko (Feb 15)
- twinkie Vasiliy Kuznetsov (Feb 15)
  - Re: twinkie Przemyslaw Frasunek (Feb 16)
  - Re: twinkie Pavel Kankovsky (Feb 17)
- Re: echo requests, 1480 bytes Przemyslaw Frasunek (Feb 15)
- Re: echo requests, 1480 bytes Ron Gula (Feb 11)
  - Re: echo requests, 1480 bytes Omachonu Ogali (Feb 15)
- Re: echo requests, 1480 bytes Donald McLachlan (Feb 16)
- Re: echo requests, 1480 bytes Mixmaster (Feb 19)
  - Re: echo requests, 1480 bytes Fengor Wolfsclaw (Feb 22)