Snort mailing list archives

ICMP PING speedera

From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Fri, 19 Jul 2002 11:56:21 -0400

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can anyone give me a good definition of what exactly a "ICMP PING
speedera" is?  Snort on is detecting *many* of these types of pings
against my web server.  

All activity is originating from different hosts during each scan
cycle, but the same group of hosts is repeated during each cycle. 
See below for a sample of this activity:

07/19/02-10:25:02.329385  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 64.14.117.10 ->
10.x.x.x
07/19/02-10:25:02.339568  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 206.65.183.55 ->
10.x.x.x
07/19/02-10:25:02.347032  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 65.114.157.130
- -> 10.x.x.x
07/19/02-10:25:02.352278  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 64.15.251.198 ->
10.x.x.x
07/19/02-10:25:02.353595  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 208.185.54.14 ->
10.x.x.x
07/19/02-10:25:02.362706  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 204.253.104.235
- -> 10.x.x.x
07/19/02-10:25:02.376253  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 63.238.125.34 ->
10.x.x.x
07/19/02-10:25:02.386243  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 64.0.96.12 ->
10.x.x.x
07/19/02-10:25:02.397752  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 212.62.17.145 ->
10.x.x.x
07/19/02-10:25:02.404776  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 204.176.88.5 ->
10.x.x.x
07/19/02-10:25:02.420922  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 65.119.25.162 ->
10.x.x.x
07/19/02-10:25:02.454157  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 213.61.6.2 ->
10.x.x.x

07/19/02-11:37:55.348729  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 64.14.117.10 ->
10.x.x.x
07/19/02-11:37:55.359533  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 206.65.183.55 ->
10.x.x.x
07/19/02-11:37:55.362571  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 65.114.157.130
- -> 10.x.x.x
07/19/02-11:37:55.366961  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 208.185.54.14 ->
10.x.x.x
07/19/02-11:37:55.369756  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 64.15.251.198 ->
10.x.x.x
07/19/02-11:37:55.377139  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 204.253.104.235
- -> 10.x.x.x
07/19/02-11:37:55.402405  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 64.0.96.12 ->
10.x.x.x
07/19/02-11:37:55.404888  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 212.62.17.145 ->
10.x.x.x
07/19/02-11:37:55.425166  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 204.176.88.5 ->
10.x.x.x
07/19/02-11:37:55.453302  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 65.119.25.162 ->
10.x.x.x
07/19/02-11:37:55.464767  [**] [1:480:2] ICMP PING speedera [**]
[Classification: Misc activity] [Priority: 3] {ICMP} 213.61.6.2 ->
10.x.x.x


Sincerely,  

L. Christopher Luther  
Technology Manager  
Xybernaut Solutions, Inc.  
(703) 506-0400 x230  
cluther () xybernaut com  
http://www.xybernautsolutions.com  

My PGP Public Key:  
http://keyserver.pgp.com/pks/lookup?op=get&search=0x21261B88

CONFIDENTIALITY NOTE:  This communication contains 
information that is confidential and/or legally privileged.  
This information is intended only for the use of the individual 
or entity named on this communication. If you are not the 
intended recipient, you are hereby notified that any disclosure, 
copying, distribution, printing or other use of, or any action 
in reliance on, the contents of this communication is strictly 
prohibited.  If you receive this communication in error, please 
immediately notify us by telephone at (703) 506-0400. 

- ------------------------------------------------------------
Unsolicited commercial e-mail will automatically be reported
to the appropriate abuse@ - without exception.
- ------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.1

iQA/AwUBPTg2pau/XM0hJhuIEQJptQCg15BOhF3YIVTaJBp7H69Of5XSNrIAn2G8
evAYtpvA+WSilrl6CwKuX+Oh
=lUhN
-----END PGP SIGNATURE-----

Current thread:

ICMP PING speedera L. Christopher Luther (Jul 19)
- Re: ICMP PING speedera J. Craig Woods (Jul 19)
- <Possible follow-ups>
- RE: ICMP PING speedera Hicks, John (Jul 19)
- ICMP Ping speedera Jessup, Justin (Jul 19)
- RE: ICMP PING speedera L. Christopher Luther (Jul 19)
  - Re: RE: ICMP PING speedera Jim Burwell (Jul 19)
- RE: RE: ICMP PING speedera Neville, Greg (Jul 19)
- RE: RE: ICMP PING speedera L. Christopher Luther (Jul 19)