lots of pings but nothing else - attack?

lots of pings but nothing else - attack?

Post by Peter Wittic » Wed, 06 Jan 1999 04:00:00



Hello,

one of the domains I am involved with is getting a lot of pings from all sorts
of random places - sometimes, many pings from one host at a time, sometimes
just one, sometimes, many from similar hosts at the same time.  There doesn't
seem to be any other activity (as far as I can tell).  What could the
motivation for this behavior be, besides seeing if what machines are up, if
it's never followed by anything else, be it a port scan, or whatever?

Can any of the newer scanners (e.g., nmap) use this information somehow to
determine the OS of the attacking machines, or does it have to have more?

I'm getting increasingly paranoid ;)

Thanks,

        Peter Wittich
--
Peter Wittich
Dept. of Physics, U.Penn        There's no small talk on walkie-talkies.

------------------------------------------------------------------

 
 
 

lots of pings but nothing else - attack?

Post by Brian Hamps » Wed, 06 Jan 1999 04:00:00


: Hello,
:
: one of the domains I am involved with is getting a lot of pings from all sorts
: of random places - sometimes, many pings from one host at a time, sometimes
: just one, sometimes, many from similar hosts at the same time.  There doesn't
: seem to be any other activity (as far as I can tell).  What could the
: motivation for this behavior be, besides seeing if what machines are up, if
: it's never followed by anything else, be it a port scan, or whatever?
:
: Can any of the newer scanners (e.g., nmap) use this information somehow to
: determine the OS of the attacking machines, or does it have to have more?
:
: I'm getting increasingly paranoid ;)

If your network is listed at http://netscan.org, it might be a SMURF
amplifier, which all the little script kiddies are banging on.

Are the pings to your MACHINE, or your NETWORK address?

B.
--

   Brian P. Hampson                  ASL Analytical Service Laboratories Ltd
   System Administrator,             Vancouver, BC (604)253-4188
      ----------------- http://www.ASL.CA/ ----------------------------  

I'm not speaking for the company <- They made me say that.

 
 
 

lots of pings but nothing else - attack?

Post by Alan J. Flavel » Wed, 06 Jan 1999 04:00:00



Quote:> one of the domains I am involved with is getting a lot of pings from all sorts
> of random places - sometimes, many pings from one host at a time, sometimes
> just one, sometimes, many from similar hosts at the same time.

Maybe it's quite innocent, just the target for some kind of network
monitoring.

I know that nscp01.physics.upenn.edu is one such target.  Check with
the IETF network monitoring page
http://www.hep.net/hepnrc/network/participants.html
or contact your BaBar network monitoring contact person if this
seems to be relevant.

These should be regular, but not too frequent, probes, and quite
harmless.  But maybe it isn't that at all...

If what you're seeing is irregular, then you might take a closer
look at where they're coming from (or where they claim to be coming
from). If you're the victim of a smurf attack, there isn't much you
can do about it.  If you're being used as the innocent party to
launch an attack against someone else, then you really must get
something done about it (your external router reconfigured to
protect against that).

good luck

 
 
 

lots of pings but nothing else - attack?

Post by Peter Wittic » Wed, 06 Jan 1999 04:00:00


Hi, thanks to all who responded.  It appears that the net in question is
indeed a sinner according to http://netscan.org, so I guess that answers why
the machines in question are getting pinged.  Gotta get that fixed.

        Peter

--
Peter Wittich
Dept. of Physics, U.Penn        There's no small talk on walkie-talkies.

------------------------------------------------------------------

 
 
 

lots of pings but nothing else - attack?

Post by Alan J. Flavel » Thu, 07 Jan 1999 04:00:00


Sorry, my typing ran faster than my brain:


> the IETF network monitoring page

Supposed to be "ICFA-NTF".  Apologies.
 
 
 

lots of pings but nothing else - attack?

Post by Bernd Eckenfel » Thu, 07 Jan 1999 04:00:00



> one of the domains I am involved with is getting a lot of pings from all sorts
> of random places - sometimes, many pings from one host at a time, sometimes
> just one, sometimes, many from similar hosts at the same time.  There doesn't
> seem to be any other activity (as far as I can tell).  What could the
> motivation for this behavior be, besides seeing if what machines are up, if
> it's never followed by anything else, be it a port scan, or whatever?

It can be a smurf attach. They try to flood your network connection (Deny of
Service Attack) or bring down a special host (perhaps to spoof it). It
depends on the amount of pings u receive. Just have a look at netscan.org.

Greetings
Bernd

 
 
 

1. anyone else get a lot of attacks from wanadoo.fr

Just curious if anyone else here gets a lot of suspicious traffic from
various hosts at wanadoo.fr.  I assumed for some reason some idiot was just
targeting one of my systems, but I've noticed a lot of stuff from wanadoo.fr
on other systems I administer; totally unrelated systems with different
domain names and in different ip blocks.

John

2. sendmail authentication

3. Weird problem - Ping and DNS work; nothing else does.

4. Any good _free_ class libraries out there?

5. i can ping my self but nothing else please help

6. SMAIL retry setup ?

7. Ping but nothing else

8. help Red hat burnt my floppy drive

9. Ping works but nothing else W95 & RH5

10. I can 'Ping,' but nothing else.

11. Dynamic IP problems, ping and nothing else...

12. Problem with SLIP, can ping but nothing else!

13. Trying to set up Cable Modem @home under linux...pings IP but nothing else????