What does this mean?


MkIII_Supra
12-05-2000, 02:39 AM
I was reading some of my old security logs and I found this. To me it looks like this person tried to flood my firewall into failure.
I dunno anybody have an idea?
[CODE]
Nov 23 19:02:41 ICMP: echo from cobalt4.virtu-host.com (20 bytes)
Nov 23 19:02:43 last message repeated 1 times
Nov 23 19:02:43 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:02:44 ICMP: echo from cobalt4.virtu-host.com (20 bytes)
Nov 23 19:02:45 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:02:46 ICMP: echo from cobalt4.virtu-host.com (20 bytes)
Nov 23 19:02:46 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:02:47 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:02:48 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:02:48 ICMP: echo from cobalt4.virtu-host.com (20 bytes)
Nov 23 19:02:48 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:02:49 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:02:49 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:02:49 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:02:50 ICMP: echo from cobalt4.virtu-host.com (20 bytes)
Nov 23 19:02:50 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:02:50 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:02:51 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:02:51 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:02:51 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:02:52 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:02:52 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:02:52 ICMP: echo from cobalt4.virtu-host.com (20 bytes)
Nov 23 19:02:52 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:02:52 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:02:52 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:02:53 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:02:53 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:02:54 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:02:54 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:02:54 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:02:54 ICMP: echo from cobalt4.virtu-host.com (20 bytes)
Nov 23 19:02:54 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:02:55 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:02:55 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:02:55 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:02:55 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:02:56 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:02:56 ICMP: echo from brain.inr.net (72 bytes)
Nov 23 19:02:56 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:02:56 ICMP: echo from cobalt4.virtu-host.com (20 bytes)
Nov 23 19:02:56 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:02:57 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:02:57 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:02:57 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:02:58 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:02:58 ICMP: echo from brain.inr.net (72 bytes)
Nov 23 19:02:58 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:02:58 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:02:58 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:02:58 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:02:59 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:02:59 ICMP: echo from brain.inr.net (72 bytes)
Nov 23 19:02:59 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:03:00 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:03:00 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:03:00 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:03:00 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:03:01 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:03:01 ICMP: echo from brain.inr.net (72 bytes)
Nov 23 19:03:01 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:03:01 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:03:01 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:03:02 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:03:02 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:03:02 ICMP: echo from brain.inr.net (72 bytes)
Nov 23 19:03:02 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:03:03 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:03:03 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:03:03 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:03:04 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:03:04 ICMP: echo from brain.inr.net (72 bytes)
Nov 23 19:03:04 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:03:04 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:03:04 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:03:04 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:03:05 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:03:05 ICMP: echo from brain.inr.net (72 bytes)
Nov 23 19:03:05 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:03:06 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:03:06 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:03:06 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:03:06 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:03:07 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:03:07 ICMP: echo from brain.inr.net (72 bytes)
Nov 23 19:03:07 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:03:07 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:03:07 ICMP: echo from stanfisher.netgate.net (72 bytes)
Nov 23 19:03:08 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:03:08 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:03:08 ICMP: echo from brain.inr.net (72 bytes)
Nov 23 19:03:08 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:03:09 ICMP: echo from ingeod.san-jose.psn.net (72 bytes)
Nov 23 19:03:09 ICMP: echo from host3.globalnameservers.com (18 bytes)
Nov 23 19:03:09 ICMP: ping flood detected from stanfisher.netgate.net
Nov 23 19:03:10 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:03:10 ICMP: echo from brain.inr.net (72 bytes)
Nov 23 19:03:10 ICMP: echo from athena.domainnameservers.net (72 bytes)
Nov 23 19:03:10 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:03:10 ICMP: ping flood detected from ingeod.san-jose.psn.net
Nov 23 19:03:11 ICMP: ping flood detected from host3.globalnameservers.com
Nov 23 19:03:11 ICMP: echo from brain.inr.net (72 bytes)
Nov 23 19:03:11 ICMP: ping flood detected from athena.domainnameservers.net
Nov 23 19:03:12 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:03:12 ICMP: echo from whntded27.rcsntx.swbell.net (72 bytes)
Nov 23 19:03:13 ICMP: echo from brain.inr.net (72 bytes)
Nov 23 19:03:14 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:03:14 ICMP: ping flood detected from whntded27.rcsntx.swbell.net
Nov 23 19:03:16 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:03:20 last message repeated 1 times
Nov 23 19:03:20 ICMP: ping flood detected from 204.212.147.2
Nov 23 19:04:23 ICMP: ping flood mode expired for ingeod.san-jose.psn.net - received a total of 30 packets (2160 bytes).
Nov 23 19:04:26 ICMP: ping flood mode expired for stanfisher.netgate.net - received a total of 33 packets (2376 bytes).
Nov 23 19:04:28 ICMP: ping flood mode expired for whntded27.rcsntx.swbell.net - received a total of 27 packets (1944 bytes).
Nov 23 19:04:34 ICMP: ping flood mode expired for 204.212.147.2 - received a total of 27 packets (1944 bytes).
Nov 23 19:04:37 ICMP: ping flood mode expired for athena.domainnameservers.net - received a total of 39 packets (2808 bytes).
[/CODE]

------------------
The Dragon is swift and powerful. Beware his wrath...
Not much to say? Then shut the hell up!
http://www.angelfire.com/wa2/MkIIISupra/

Fandelem
12-05-2000, 04:36 AM
woah

how can i make my logs capture how many bytes in the pings?

*very jealous* :)

what OS you using? linux? if so, howdja do it? :)

vvx
12-05-2000, 04:44 AM
Looks like ipchains logging, and it looks a tad like a ping flood with a few hosts, interesting.. Second opinion anyone?

MkIII_Supra
12-05-2000, 09:18 AM
Using iplog that came with 'Drake 7.2. It's a great tool, I am trying to figure out the logcheck from psionic.

The problem with iplog is that it records everything. I am trying to figure out how to get it to stop recording my ISP's continual scans, which I just sent a letter of complaint to Road Runner of San Diego! Anyhow, iplog is part of my multi-layer defense system. Started with the -l switch I sent it to various places on the system.


Fandelem
12-05-2000, 09:23 AM
39 packets is not "flooding" in my opinion.. maybe 3900 could be considered flooding..
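
Added example, not part of any post in this thread and not iplog's own code: a small Python parser for the log format quoted in the first post. It totals echoes per source, expands syslog's "last message repeated N times" lines, and gives a rough per-source rate, the figure the flood-or-not question turns on. The year (2000) is an assumption, since syslog timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines selected from the iplog output in the first post (not contiguous).
SAMPLE = """\
Nov 23 19:02:41 ICMP: echo from cobalt4.virtu-host.com (20 bytes)
Nov 23 19:02:43 last message repeated 1 times
Nov 23 19:02:44 ICMP: echo from cobalt4.virtu-host.com (20 bytes)
Nov 23 19:03:16 ICMP: echo from 204.212.147.2 (72 bytes)
Nov 23 19:03:20 last message repeated 1 times
Nov 23 19:03:20 ICMP: ping flood detected from 204.212.147.2
Nov 23 19:04:34 ICMP: ping flood mode expired for 204.212.147.2 - received a total of 27 packets (1944 bytes).
"""

ECHO = re.compile(r"ICMP: echo from (\S+) \((\d+) bytes\)")
REPEAT = re.compile(r"last message repeated (\d+) times")
FLOOD = re.compile(r"ICMP: ping flood detected from (\S+)")
EXPIRED = re.compile(r"ICMP: ping flood mode expired for (\S+) - "
                     r"received a total of (\d+) packets \((\d+) bytes\)")

def summarize(text, year=2000):  # syslog omits the year; 2000 is an assumption
    stats = defaultdict(lambda: {"echoes": 0, "bytes": 0, "first": None,
                                 "last": None, "flood": False, "reported": None})
    prev = None  # (source, size) of the preceding echo, for "repeated N times"
    for raw in text.splitlines():
        stamp, msg, n = raw[:15], raw[16:], 0
        if e := ECHO.fullmatch(msg):
            prev, n = (e.group(1), int(e.group(2))), 1
        elif (r := REPEAT.fullmatch(msg)) and prev:
            n = int(r.group(1))  # syslog collapsed n identical echo lines
        else:
            prev = None  # any other message breaks the "repeated" chain
            if f := FLOOD.fullmatch(msg):
                stats[f.group(1)]["flood"] = True
            elif x := EXPIRED.match(msg):
                stats[x.group(1)]["reported"] = (int(x.group(2)), int(x.group(3)))
        if n:
            when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            s = stats[prev[0]]
            s["echoes"] += n
            s["bytes"] += n * prev[1]
            s["first"] = s["first"] or when
            s["last"] = when
    return stats

def rate(s):  # logged echoes per second between a source's first and last echo
    span = (s["last"] - s["first"]).total_seconds()
    return s["echoes"] / span if span else float(s["echoes"])
```

Feeding the whole log to `summarize()` gives one record per source, so the per-source rate and the packet totals iplog reports when flood mode expires can be read side by side.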

Sokertes
12-05-2000, 12:50 PM
It kinda looks like a finger or whois query from a chat server. Not sure.

Sokertes