[Snort-users] Possible DOS Attack??

Jay Moore jmoore at ...1671...
Mon Jun 18 10:40:57 EDT 2001


I have been receiving ICMP requests from the following IP address since 4am this morning.  The ICMP requests are being sent to every host in my IP range (209.192.70.0/24 and 208.5.208.0/24).  The destination field says 255.255.255.255; the source field is 216.80.83.185 (irc.plur.net, some ISP in Chicago owns this IP).  It does not seem to be affecting my bandwidth.  I need help in determining if this is a real DOS attack.  I have tried to scan the attacking IP with nessus, but the IP is not responding.  Do the packets below tell me anything else?  Not sure where to start.  Thanks in advance.

Incoming packet:
from 216.80.83.185 to 255.255.255.255
0000  ff ff ff ff ff ff 00 30  80 18 83 c1 08 00 45 00   .......0 ......E. 
0010  04 30 ac 4b 40 00 f2 01  ac 77 d8 50 53 b9 ff ff   .0.K@... .w.PS... 
0020  ff ff 08 00 f7 ff 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0080  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
00a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
00b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
00c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
00d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
00e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
00f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0110  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0130  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0140  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0150  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0160  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0170  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0190  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
01a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
01b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
01c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
01d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
01e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
01f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0210  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0220  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0230  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0240  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0250  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0260  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0270  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0280  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0290  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
02a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
02b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
02c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
02d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
02e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
02f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0300  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0310  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0320  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0330  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0340  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0350  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0360  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0370  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0380  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0390  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
03a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
03b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
03c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
03d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
03e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
03f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0400  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0410  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0420  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0430  00 00 00 00 00 00 00 00  00 00 00 00 00 00         ........ ......   

reply packet
from 208.5.208.254 to 216.80.83.185
0000  00 30 80 18 83 c1 00 01  02 26 17 0d 08 00 45 00   .0...... .&....E. 
0010  04 30 ef de 00 00 ff 01  fa df d0 05 d0 fe d8 50   .0...... .......P 
0020  53 b9 00 00 ff ff 00 00  00 00 00 00 00 00 00 00   S....... ........ 
0030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0080  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
00a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
00b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
00c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
00d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
00e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
00f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0110  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0130  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0140  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0150  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0160  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0170  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0190  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
01a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
01b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
01c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
01d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
01e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
01f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0210  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0220  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0230  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0240  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0250  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0260  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0270  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0280  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0290  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
02a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
02b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
02c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
02d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
02e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
02f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0300  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0310  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0320  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0330  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0340  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0350  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0360  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0370  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0380  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0390  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
03a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
03b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
03c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
03d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
03e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
03f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0400  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0410  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0420  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........ 
0430  00 00 00 00 00 00 00 00  00 00 00 00 00 00         ........ ......   



#-- Jay Moore, Chief Engineer
#-- Don't meddle in the affairs of hackers for they are subtle and quick to anger
uptime|perl -e 'print"TrueSysAdmin\n" if($_=<STDIN>)=~/^(.*)/;'
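
Decoding the headers of the two dumps above, as an added example that is not part of the original post. The byte strings are the first 42 bytes of each dump as posted, the zero payload is rebuilt from the dump length (0x43e bytes), and the function and key names are hypothetical.

```python
import ipaddress
import struct

# First 42 bytes (Ethernet + IPv4 + ICMP headers) of each dump in the post.
REQUEST = bytes.fromhex(
    "ffffffffffff0030801883c10800"              # Ethernet
    "45000430ac4b4000f201ac77d85053b9ffffffff"  # IPv4
    "0800f7ff00000000")                         # ICMP
REPLY = bytes.fromhex(
    "0030801883c100010226170d0800"
    "45000430efde0000ff01fadfd005d0fed85053b9"
    "0000ffff00000000")
FRAME_LEN = 0x43E  # bytes in each dump as posted; every byte past 0x2a is zero

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; 0 over a header means its embedded checksum verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def decode(hdr: bytes, frame_len: int = FRAME_LEN) -> dict:
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", hdr[:14])
    (_, _, total_len, _, frag, ttl, proto, _, src, dst) = struct.unpack(
        "!BBHHHBBH4s4s", hdr[14:34])
    icmp = hdr[34:42] + bytes(frame_len - 42)  # rebuild the all-zero payload
    return {
        "src_mac": mac(src_mac), "dst_mac": mac(dst_mac), "ethertype": ethertype,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl, "dont_fragment": bool(frag & 0x4000), "proto": proto,
        "icmp_type": icmp[0], "icmp_code": icmp[1],
        "payload_len": total_len - 20 - 8,         # minus IP and ICMP headers
        "length_consistent": total_len + 14 == frame_len,
        "ip_checksum_ok": inet_checksum(hdr[14:34]) == 0,
        "icmp_checksum_ok": inet_checksum(icmp) == 0,
    }

if __name__ == "__main__":
    for name, hdr in (("request", REQUEST), ("reply", REPLY)):
        print(name, decode(hdr))
```

Both frames decode as well-formed ICMP with verifying checksums: an echo request (type 8) to 255.255.255.255 carrying 1044 zero bytes, and an echo reply (type 0) from 208.5.208.254 sent back toward the MAC address the request arrived from.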
