Strange icmp - hack attempt?

Gary Maltzen Tue, 07 Nov 2000 09:07:39 -0800
While monitoring one of our servers for anomalous sequences, I ran across
this in a tcpdump.

There have been numerous icmp-echo requests, but these are radically
different.

What are these telling me?

eth0 P 213.57.53.33 > 10.1.1.113: icmp: echo request (frag 21767:552@0+)
(ttl 112)
eth0 P 213.57.53.33 > 10.1.1.113: (frag 21767:156@552) (ttl 112)
...
eth0 P 213.57.53.33 > 10.1.1.113: icmp: echo request (frag 19464:552@0+)
(ttl 112)
eth0 P 213.57.53.33 > 10.1.1.113: (frag 19464:156@552) (ttl 112)
...
eth0 P 213.57.53.33 > 10.1.1.113: icmp: echo request (frag 9993:552@0+) (ttl
112)
eth0 P 213.57.53.33 > 10.1.1.113: (frag 9993:156@552) (ttl 112)
...
eth0 P 213.104.186.170 > 10.1.1.113: icmp: echo request (frag 44831:552@0+)
(ttl 106)
eth0 P 213.104.186.170 > 10.1.1.113: (frag 44831:156@552) (ttl 106)

In case it's not obvious, 10.1.1.113 is the internal address of my server.

 213.57.53.33 belongs to NONSTOP-CABLE of Israel
 213.104.186.170 belongs to NTL Internet of Great Britain

TIA,
Gary

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
Strange icmp - hack attempt?

Reply via email to
