Tom's Hardware > Forum > General Networking > Firewall > ICMP Echo Flood on cable modem

ICMP Echo Flood on cable modem

Forum General Networking : Firewall - ICMP Echo Flood on cable modem

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
Anonymous   04-27-2004 at 12:29:44 AM

Archived from groups: comp.security.firewalls (More info?)

 

I have Charter cable and for months I have been receiving a flood of
ICMP ECHO messages pretty much continuously. Rates have been observed
from 300 to 1000 packets a minute.

All of the packets checked are identical except for the Reply To IP
address and the checksum. All the FROM addresses are 127.0.0.1 and the
TO addresses are addresses in my regional Charter cable domain.

Here's a sample packet:

45 00 00 26 8F 0E 40 00 FF 01 2C 9F 7F 00 00 01
44 73 FC B4 08 00 D8 D7 04 D2 00 00 31 F9 24 44
00 06 BC 09 08 09

I'm behind a NAT router that doesn't reply to PINGS.

What is this?

Kevin

[PS. I called Charter and they said to file an abuse complaint which I
did (without effect).]

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   04-28-2004 at 04:35:04 AM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

ObiwanBota wrote:

>I have Charter cable and for months I have been receiving a flood of
>ICMP ECHO messages pretty much continuously. Rates have been observed
>from 300 to 1000 packets a minute.

Reminds me of Nachia/Welchia.

>All of the packets checked are identical except for the Reply To IP
>address and the checksum. All the FROM addresses are 127.0.0.1 and the
>TO addresses are addresses in my regional Charter cable domain.

Are you serious? If so, from where are you getting these logs?

>Here's a sample packet:
>
>45 00 00 26 8F 0E 40 00 FF 01 2C 9F 7F 00 00 01
>44 73 FC B4 08 00 D8 D7 04 D2 00 00 31 F9 24 44
>00 06 BC 09 08 09

Ok.

>I'm behind a NAT router that doesn't reply to PINGS.

Ok.

>What is this?

Do you know what 127.0.0.1 is?

>Kevin
>
>[PS. I called Charter and they said to file an abuse complaint which I
>did (without effect).]

I'm not surprised.

Reply to Anonymous
Anonymous   05-04-2004 at 06:01:51 AM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

I've ask a similar question recently after snort on my OpenBSD firewall
snatched some packets from 127.0.0.1:80 to external ip address between
1000 to 2000
Someone mentioned that is what blaster does. Blaster will send spoof
packets like that.

Calyth

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > General Networking > Firewall > ICMP Echo Flood on cable modem
Go to:

There are 1231 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.284 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them
  • 01:00 vianescute won the Freshman badge
  • 01:00 meywd won the Freshman badge
  • 01:00 nayega won the Freshman badge
  • 01:00 gpfear won the Freshman badge
  • 01:00 Conrad925 won the Freshman badge
  • 01:00 skythra won the Freshman badge
  • 01:00 Ckaz won the Freshman badge
  • 01:00 james59 won the Uniformed badge
  • 01:00 snarl won the Uniformed badge
  • 01:00 patlabor44 won the Uniformed badge