[Snort-users] ICMP Help

Dan Fiorito namedpipe at ...125...
Fri Jan 18 07:25:07 EST 2002


I was hoping to get someone else's opinion on this trace. Have been logging 
thousands. Looks like a DDOS tool, only I am not sure.


#(1 - 55805) [2002-1-17 00:05:49]  ICMP PING

IPv4: 216.33.87.9 -> 207.241.198.130
      hlen=5 TOS=0 dlen=84 ID=52480 flags=0 offset=0 TTL=49 chksum=63241
ICMP: type=Echo Request code=0
      checksum=59919 id=52480 seq=256
Payload:  length = 56

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 69 3C 28 3C A9 76 05 00 00 00 00 00   ....i<(<.v......
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
030 : 00 00 00 00 00 00 00 00                           ........
------------------------------------------------------------------------------
#(1 - 55806) [2002-1-17 00:05:49]  ICMP PING

IPv4: 216.33.87.9 -> 207.241.198.130
      hlen=5 TOS=0 dlen=84 ID=52480 flags=0 offset=0 TTL=49 chksum=63241
ICMP: type=Echo Request code=0
      checksum=54031 id=52480 seq=512
Payload:  length = 56

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 69 3C 28 3C BF 76 05 00 00 00 00 00   ....i<(<.v......
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
030 : 00 00 00 00 00 00 00 00                           ........
------------------------------------------------------------------------------
#(1 - 55807) [2002-1-17 00:05:49]  ICMP PING

IPv4: 216.33.87.9 -> 207.241.198.130
      hlen=5 TOS=0 dlen=84 ID=52480 flags=0 offset=0 TTL=49 chksum=63241
ICMP: type=Echo Request code=0
      checksum=48399 id=52480 seq=768
Payload:  length = 56

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 69 3C 28 3C D4 76 05 00 00 00 00 00   ....i<(<.v......
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
030 : 00 00 00 00 00 00 00 00                           ........
------------------------------------------------------------------------------
#(1 - 55808) [2002-1-17 00:05:49]  ICMP Echo Reply

IPv4: 207.241.198.130 -> 216.33.87.9
      hlen=5 TOS=0 dlen=84 ID=20078 flags=0 offset=0 TTL=64 chksum=26268
ICMP: type=Echo Reply code=0
      checksum=61967 id=52480 seq=256
Payload:  length = 56

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 69 3C 28 3C A9 76 05 00 00 00 00 00   ....i<(<.v......
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
030 : 00 00 00 00 00 00 00 00                           ........
------------------------------------------------------------------------------
#(1 - 55809) [2002-1-17 00:05:49]  ICMP Echo Reply

IPv4: 207.241.198.130 -> 216.33.87.9
      hlen=5 TOS=0 dlen=84 ID=20079 flags=0 offset=0 TTL=64 chksum=26267
ICMP: type=Echo Reply code=0
      checksum=56079 id=52480 seq=512
Payload:  length = 56

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 69 3C 28 3C BF 76 05 00 00 00 00 00   ....i<(<.v......
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
030 : 00 00 00 00 00 00 00 00                           ........
