Snort mailing list archives
ICMP Help
From: "Dan Fiorito" <namedpipe () hotmail com>
Date: Fri, 18 Jan 2002 15:24:37 +0000
I was hoping to get someone else's opinion on this trace. Have been logging thousands. Looks like a DDoS tool, only I am not sure.
#(1 - 55805) [2002-1-17 00:05:49] ICMP PING
IPv4: 216.33.87.9 -> 207.241.198.130
hlen=5 TOS=0 dlen=84 ID=52480 flags=0 offset=0 TTL=49 chksum=63241
ICMP: type=Echo Request code=0
checksum=59919 id=52480 seq=256
Payload: length = 56
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 69 3C 28 3C A9 76 05 00 00 00 00 00 ....i<(<.v......
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 ........
------------------------------------------------------------------------------
#(1 - 55806) [2002-1-17 00:05:49] ICMP PING
IPv4: 216.33.87.9 -> 207.241.198.130
hlen=5 TOS=0 dlen=84 ID=52480 flags=0 offset=0 TTL=49 chksum=63241
ICMP: type=Echo Request code=0
checksum=54031 id=52480 seq=512
Payload: length = 56
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 69 3C 28 3C BF 76 05 00 00 00 00 00 ....i<(<.v......
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 ........
------------------------------------------------------------------------------
#(1 - 55807) [2002-1-17 00:05:49] ICMP PING
IPv4: 216.33.87.9 -> 207.241.198.130
hlen=5 TOS=0 dlen=84 ID=52480 flags=0 offset=0 TTL=49 chksum=63241
ICMP: type=Echo Request code=0
checksum=48399 id=52480 seq=768
Payload: length = 56
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 69 3C 28 3C D4 76 05 00 00 00 00 00 ....i<(<.v......
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 ........
------------------------------------------------------------------------------
#(1 - 55808) [2002-1-17 00:05:49] ICMP Echo Reply
IPv4: 207.241.198.130 -> 216.33.87.9
hlen=5 TOS=0 dlen=84 ID=20078 flags=0 offset=0 TTL=64 chksum=26268
ICMP: type=Echo Reply code=0
checksum=61967 id=52480 seq=256
Payload: length = 56
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 69 3C 28 3C A9 76 05 00 00 00 00 00 ....i<(<.v......
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 ........
------------------------------------------------------------------------------
#(1 - 55809) [2002-1-17 00:05:49] ICMP Echo Reply
IPv4: 207.241.198.130 -> 216.33.87.9
hlen=5 TOS=0 dlen=84 ID=20079 flags=0 offset=0 TTL=64 chksum=26267
ICMP: type=Echo Reply code=0
checksum=56079 id=52480 seq=512
Payload: length = 56
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 69 3C 28 3C BF 76 05 00 00 00 00 00 ....i<(<.v......
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 ........
